Re: Split-horizon dns
Hi,

Yes, use PF to separate your clients on the routing machine and then use the server with the proper DB.

HTH

On 2021-03-25 6:52 a.m., Родин Максим wrote:
> Hello,
> Is there a way to do split horizon dns using NSD?
> I did not find anything similar in man nsd.conf
Re: Split-horizon dns
just run a second nsd on separate (ip)/port, then use unbound as a router

On 3/25/21 12:52 PM, Родин Максим wrote:
> Hello,
> Is there a way to do split horizon dns using NSD?
> I did not find anything similar in man nsd.conf
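
One way to read the "second nsd plus unbound" suggestion above, as an added configuration sketch that is not part of the thread and not taken from the NSD or Unbound projects. All addresses, the zone name, the second config file name and the pid/socket paths are constructed assumptions; only internal clients are pointed at Unbound, so the internal zone data is never served on the public address.

```conf
# --- /var/nsd/etc/nsd.conf : external instance (public view) ---
server:
    ip-address: 203.0.113.53                 # constructed public address, port 53
    pidfile: "/var/run/nsd.pid"
zone:
    name: "example.com"
    zonefile: "external/example.com.zone"    # abbreviated public records only

# --- /var/nsd/etc/nsd-internal.conf : second instance (hypothetical file name) ---
server:
    ip-address: 127.0.0.1@5353               # loopback only, unreachable from outside
    pidfile: "/var/run/nsd-internal.pid"     # must differ from the first instance
    xfrdfile: "/var/run/nsd-internal-xfrd.state"
    zonelistfile: "/var/nsd/db/zone-internal.list"
remote-control:
    control-enable: yes
    control-interface: "/var/run/nsd-internal.sock"   # separate control socket
zone:
    name: "example.com"
    zonefile: "internal/example.com.zone"    # full internal records

# --- /var/unbound/etc/unbound.conf : resolver handed to internal clients ---
server:
    interface: 192.168.0.1                   # constructed LAN address
    access-control: 0.0.0.0/0 refuse         # no recursion for anyone else
    access-control: 192.168.0.0/23 allow     # internal clients only
    do-not-query-localhost: no               # required: the stub target is on 127.0.0.1
    domain-insecure: "example.com"           # only if validation is on and the internal zone is unsigned
stub-zone:
    name: "example.com"
    stub-addr: 127.0.0.1@5353                # internal NSD answers for this zone
```

External resolvers query 203.0.113.53 directly and see only the public zone file; internal clients use 192.168.0.1 as their resolver and get the internal zone through the stub.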
Split-horizon dns
Hello,
Is there a way to do split horizon dns using NSD?
I did not find anything similar in man nsd.conf

--
Best regards
Maksim Rodin
Re: Split Horizon DNS issues w/named.conf
Christopher Sean Hilton wrote:
> Repost with conf file included:
>
> I'm trying to track down a split horizon DNS issue. On initial startup
> everything works great. Internal hosts can resolve names against my
> complete zone and can resolve names for other internal hosts just fine.
> External hosts get the abbreviated views that I've set up. But after a
> period of time named stops responding to external hosts. Requests to it
> just time out. I'm running stock named on OpenBSD 4.3. I've attached my
> named.conf file to this message:

take note of the security advisory for 4.3's BIND:
http://openbsd.org/errata43.html#004_bind

upgrade your grey matter cuz one day it may matter

> // $OpenBSD: named-dual.conf,v 1.6 2004/08/16 15:48:28 jakob Exp $
> //
>
> acl clients {
>     127.0.0.0/8;
>     192.168.0.0/23;
>     ::1;
> };
>
> options {
>     version "";    // remove this to allow version queries
>
>     listen-on    { any; };
>     listen-on-v6 { any; };
> };
>
> logging {
>     category lame-servers { null; };
> };
>
> view "internal" {
>     match-clients { clients; };
>     match-recursive-only yes;
>
>     // -
>     // Standard zones
>     //
>     zone "." {
>         type hint;
>         file "standard/root.hint";
>     };
>
>     zone "localhost" {
>         type master;
>         file "standard/localhost";
>         allow-transfer { localhost; };
>     };
>
>     zone "127.in-addr.arpa" {
>         type master;
>         file "standard/loopback";
>         allow-transfer { localhost; };
>     };
>
>     zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
>         type master;
>         file "standard/loopback6.arpa";
>         allow-transfer { localhost; };
>     };
>
>     // -
>     // Slave zones
>     //
>     zone "example.com" IN {
>         type slave;
>         file "slave/db.example.com";
>         check-names ignore;
>         masters { 192.168.1.34; };
>         allow-transfer { localhost; 192.168.1.34; 192.168.0.34; };
>     };
>
>     zone "0.168.192.in-addr.arpa" IN {
>         type slave;
>         file "slave/db.192.168.0";
>         masters { 192.168.1.34; };
>         allow-transfer { localhost; 192.168.1.34; 192.168.0.34; };
>     };
>
>     zone "1.168.192.in-addr.arpa" IN {
>         type slave;
>         file "slave/db.192.168.1";
>         masters { 192.168.1.34; };
>         allow-transfer { localhost; 192.168.1.34; 192.168.0.34; };
>     };
> };
>
> view "external" {
>     match-clients { "any"; };
>     recursion no;
>     additional-from-auth no;
>     additional-from-cache no;
>
>     // -
>     // Master zones
>     zone "example.com" {
>         type master;
>         file "master/db.example.com";
>     };
> };
>
> // Local variables:
> // mode: fundamental
> // mode: font-lock
> // tab-width: 4
> // End:
>
> -- Chris
Re: Split Horizon DNS issues w/named.conf
Repost with conf file included:

I'm trying to track down a split horizon DNS issue. On initial startup everything works great. Internal hosts can resolve names against my complete zone and can resolve names for other internal hosts just fine. External hosts get the abbreviated views that I've set up. But after a period of time named stops responding to external hosts. Requests to it just time out. I'm running stock named on OpenBSD 4.3. I've attached my named.conf file to this message:

// $OpenBSD: named-dual.conf,v 1.6 2004/08/16 15:48:28 jakob Exp $
//

acl clients {
    127.0.0.0/8;
    192.168.0.0/23;
    ::1;
};

options {
    version "";    // remove this to allow version queries

    listen-on    { any; };
    listen-on-v6 { any; };
};

logging {
    category lame-servers { null; };
};

view "internal" {
    match-clients { clients; };
    match-recursive-only yes;

    // -
    // Standard zones
    //
    zone "." {
        type hint;
        file "standard/root.hint";
    };

    zone "localhost" {
        type master;
        file "standard/localhost";
        allow-transfer { localhost; };
    };

    zone "127.in-addr.arpa" {
        type master;
        file "standard/loopback";
        allow-transfer { localhost; };
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
        type master;
        file "standard/loopback6.arpa";
        allow-transfer { localhost; };
    };

    // -
    // Slave zones
    //
    zone "example.com" IN {
        type slave;
        file "slave/db.example.com";
        check-names ignore;
        masters { 192.168.1.34; };
        allow-transfer { localhost; 192.168.1.34; 192.168.0.34; };
    };

    zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "slave/db.192.168.0";
        masters { 192.168.1.34; };
        allow-transfer { localhost; 192.168.1.34; 192.168.0.34; };
    };

    zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slave/db.192.168.1";
        masters { 192.168.1.34; };
        allow-transfer { localhost; 192.168.1.34; 192.168.0.34; };
    };
};

view "external" {
    match-clients { "any"; };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;

    // -
    // Master zones
    zone "example.com" {
        type master;
        file "master/db.example.com";
    };
};

// Local variables:
// mode: fundamental
// mode: font-lock
// tab-width: 4
// End:

-- Chris

--
Chris Hilton    chris-at-vindaloo-dot-com
"All I was doing was trying to get home from work!"
    -- Rosa Parks
Re: Split Horizon DNS issues....
On Tue, Jan 13, 2009 at 10:05:02AM -0500, Christopher Sean Hilton wrote:
> I've attached my named.conf file to this message. Sorry about the Mime
> attachment.

no problem, mr. demime took care of it:

> [demime 1.01d removed an attachment of type application/octet-stream which
> had a name of named.conf-split-obsd]

--
Alexander Yurchenko
Split Horizon DNS issues....
I'm trying to track down a split horizon DNS issue. On initial startup everything works great. Internal hosts can resolve names against my complete zone and can resolve names for other internal hosts just fine. External hosts get the abbreviated views that I've set up. But after a period of time named stops responding to external hosts. Requests to it just time out. I'm running stock named on OpenBSD 4.3. I've attached my named.conf file to this message. Sorry about the Mime attachment.

-- Chris

Chris Hilton    e: chris|at|vindaloo|dot|com
"The pattern juggler lifts his hand; The orchestra begin. As slowly turns the grinding wheel in the court of the crimson king."
    -- Ian McDonald / Peter Sinfield

[demime 1.01d removed an attachment of type application/octet-stream which had a name of named.conf-split-obsd]