Re: Combining forward with master zone.
Thank you all for your help with this.

-- 
Hal

On 2/21/19, 4:04 AM, "bind-users on behalf of Matus UHLAR - fantomas" wrote:

>On Wed, Feb 20, 2019 at 3:40 PM King, Harold Clyde (Hal) wrote:
>> Could I just define needs.example.com as a zone in a separate file so:
>>
>> zone "example.com" { type master; notify no; file "static/antiphish.db"; };
>>
>> zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };

On 20.02.19 16:08, Kevin Darcy wrote:
>Delegate needs.example.com from example.com and you should be set.

If this is not clear enough, it means that the "example.com" zone stored in the "static/antiphish.db" file must contain an NS record for "needs":

needs    NS    your.name.server.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Combining forward with master zone.
>On Wed, Feb 20, 2019 at 3:40 PM King, Harold Clyde (Hal) wrote:
>> Could I just define needs.example.com as a zone in a separate file so:
>>
>> zone "example.com" { type master; notify no; file "static/antiphish.db"; };
>>
>> zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };

On 20.02.19 16:08, Kevin Darcy wrote:
>Delegate needs.example.com from example.com and you should be set.

If this is not clear enough, it means that the "example.com" zone stored in the "static/antiphish.db" file must contain an NS record for "needs":

needs    NS    your.name.server.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Re: Combining forward with master zone.
On 02/20/2019 01:19 PM, King, Harold Clyde (Hal) wrote:
> Can I create a root zone to define a wildcard pointing to our warning page
> with one hostname defined going to a forward’ed DNS source? I could just
> give it an IP, but can I forward that one domain to outside DNS (Google or
> their NS repository)?

Are you using Response Policy Zone? Or are you trying to do a DNS hijack?

If you're using RPZ, you should be able to make example.com. / *.example.com. redirect while still allowing needs.example.com. to pass thru unmodified.

example.com          IN CNAME url-blocking.ourdns.com.
*.example.com        IN CNAME url-blocking.ourdns.com.
needs.example.com    IN CNAME rpz-passthru.

I prefer RPZ for this type of filtering over DNS hijacking if I can do so.

-- 
Grant. . . .
unix || die
Re: Combining forward with master zone.
Delegate needs.example.com from example.com and you should be set.

- Kevin

On Wed, Feb 20, 2019 at 3:40 PM King, Harold Clyde (Hal) wrote:

> Could I just define needs.example.com as a zone in a separate file so:
>
> zone "example.com" { type master; notify no; file "static/antiphish.db"; };
>
> zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };
>
> --
> Hal
>
> We have a URL phishing setup that causes URLs we detect to redirect to a
> warning page. We have run into a problem. One of our clients has scripts
> that he calls from a host in that domain.
>
> Needs.example.com when we block example.com.
>
> Can I create a root zone to define a wildcard pointing to our warning page
> with one hostname defined going to a forward’ed DNS source? I could just
> give it an IP, but can I forward that one domain to outside DNS (Google or
> their NS repository)?
>
> Here’s a very rough draft of the root zone:
>
> $ORIGIN .
> $TTL 3600
> example.com IN SOA us.ourdns.com. helpdesk.ourdns.com.
>
> * CNAME url-blocking.ourdns.com
> needs forward(8.8.8.8)
>
> --
> Hal
Re: Combining forward with master zone.
Could I just define needs.example.com as a zone in a separate file so:

zone "example.com" { type master; notify no; file "static/antiphish.db"; };

zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };

-- 
Hal

We have a URL phishing setup that causes URLs we detect to redirect to a warning page. We have run into a problem. One of our clients has scripts that he calls from a host in that domain.

Needs.example.com when we block example.com.

Can I create a root zone to define a wildcard pointing to our warning page with one hostname defined going to a forward’ed DNS source? I could just give it an IP, but can I forward that one domain to outside DNS (Google or their NS repository)?

Here’s a very rough draft of the root zone:

$ORIGIN .
$TTL 3600
example.com IN SOA us.ourdns.com. helpdesk.ourdns.com.

* CNAME url-blocking.ourdns.com
needs forward(8.8.8.8)

-- 
Hal
Re: Combining forward with master zone.
As discussed in another thread, delegate the zone you want to forward, in addition to defining the zone as "type forward".

If you already tried a "type forward" and it didn't work, it was probably because the delegation was missing. It's a non-obvious requirement, but named needs to see the zone cut.

- Kevin

On Wed, Feb 20, 2019 at 3:19 PM King, Harold Clyde (Hal) wrote:

> We have a URL phishing setup that causes URLs we detect to redirect to a
> warning page. We have run into a problem. One of our clients has scripts
> that he calls from a host in that domain.
>
> Needs.example.com when we block example.com.
>
> Can I create a root zone to define a wildcard pointing to our warning page
> with one hostname defined going to a forward’ed DNS source? I could just
> give it an IP, but can I forward that one domain to outside DNS (Google or
> their NS repository)?
>
> Here’s a very rough draft of the root zone:
>
> $ORIGIN .
> $TTL 3600
> example.com IN SOA us.ourdns.com. helpdesk.ourdns.com.
>
> * CNAME url-blocking.ourdns.com
> needs forward(8.8.8.8)
>
> --
> Hal
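A check for the requirement described in the replies above (a "type forward" zone nested under a master zone needs an NS delegation for it in the parent zone file), as an added Python example that is not code from the thread. The zone file contents, the us.ourdns.com NS target, the SOA timer values and the function names are assumptions; the parser expects one record per line, and the sample uses "forwarders", the valid BIND option name.

```python
import re

# Constructed sample: the thread's two zones and the parent zone's file contents.
NAMED_CONF = '''
zone "example.com" { type master; notify no; file "static/antiphish.db"; };
zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };
'''
ZONE_OK = '''$TTL 3600
@      IN SOA us.ourdns.com. helpdesk.ourdns.com. 1 3600 900 604800 3600
@      IN NS  us.ourdns.com.
*      IN CNAME url-blocking.ourdns.com.
needs  IN NS  us.ourdns.com.   ; the delegation (zone cut)
'''
# zone "name" { body }; where the body nests braces at most one level deep
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{((?:[^{}]|\{[^{}]*\})*)\}')

def ns_owners(origin, text):
    """Absolute owner names (no trailing dot) that hold an NS record."""
    owners, last = set(), origin
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()      # drop comments
        if not line or line.startswith("$"):       # blank line or directive
            continue
        fields = line.split()
        if not line[0].isspace():                  # leading blank reuses previous owner
            name = fields.pop(0).lower()
            last = origin if name == "@" else (
                name.rstrip(".") if name.endswith(".") else f"{name}.{origin}")
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)                          # skip optional TTL and class
        if fields and fields[0].upper() == "NS":
            owners.add(last)
    return owners

def missing_delegations(conf, zone_files):
    """Forward zones below a master zone whose zone file has no covering NS cut."""
    zones = {n.lower().rstrip("."): b for n, b in ZONE_RE.findall(conf)}
    kind = {z: re.search(r"\btype\s+(\w+)", b).group(1) for z, b in zones.items()}
    missing = []
    for fwd in (z for z in zones if kind[z] == "forward"):
        parents = [z for z in zones
                   if kind[z] in ("master", "primary") and fwd.endswith("." + z)]
        if not parents:
            continue
        parent = max(parents, key=len)             # closest enclosing authoritative zone
        path = re.search(r'\bfile\s+"([^"]+)"', zones[parent]).group(1)
        cuts = ns_owners(parent, zone_files[path]) - {parent}  # apex NS is not a cut
        if not any(fwd == c or fwd.endswith("." + c) for c in cuts):
            missing.append((fwd, parent, path))
    return missing
```

Calling missing_delegations(NAMED_CONF, {"static/antiphish.db": ZONE_OK}) returns an empty list; with the "needs" NS line removed it reports the forward zone, its parent zone and the file that needs the record.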
Combining forward with master zone.
We have a URL phishing setup that causes URLs we detect to redirect to a warning page. We have run into a problem. One of our clients has scripts that he calls from a host in that domain.

Needs.example.com when we block example.com.

Can I create a root zone to define a wildcard pointing to our warning page with one hostname defined going to a forward’ed DNS source? I could just give it an IP, but can I forward that one domain to outside DNS (Google or their NS repository)?

Here’s a very rough draft of the root zone:

$ORIGIN .
$TTL 3600
example.com IN SOA us.ourdns.com. helpdesk.ourdns.com.

* CNAME url-blocking.ourdns.com
needs forward(8.8.8.8)

-- 
Hal