Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Conditional Forwarding using BIND9
Special Forums IP Networking Conditional Forwarding using BIND9 Post 302241812 by neked on Tuesday 30th of September 2008 10:57:12 AM
Old 09-30-2008
Conditional Forwarding using BIND9
Hello,

I'm a noob when it comes to DNS and BIND9, so forgive me if my description seems pedantic:

I connect to my workplace's network using VPN, which sets me up with the workplace DNS servers. Those servers manage the an internal namespace (visible only to users inside the VPN), with a specific domain name -- lets call it internal.net. Those servers also resolve queries to external addresses (e.g. Google) by forwarding them to some external DNS masters.

Without connecting to the VPN, my DNS lookups are performed via the router (192.168.0.1) which forwards to the ISP DNS server. What I would like to do is do is:
  • all lookups that don't belong to internal.net should be performed on my ISP's DNS server
  • all lookups belonging to internal.net are done on the VPN DNS servers

I was able to do this in the past with simply having the /etc/resolv.conf look like:

Code:
nameserver 192.168.0.1
search internal.net
nameserver 10.0.0.1 <== the addr of the VPN DNS

But the problem is that my ISP recently introduced the annoying DNS redirection "service" where they redirect all unresolved DNS queries to an ad-laden search page, so if I do a lookup on somehost.internal.net, my ISP's DNS will resolve it to their own search page, preventing the use of nameserver 10.0.0.1.

So I figured I could solve this problem by having a local BIND9 instance on my machine that does conditional forwarding based on domain name. The problem is BIND9 configuration seems intimidating and my trials with it have been unsuccessful. Can someone suggest to me a simple BIND9 configuration that achieves my goals?'

Thanks!
Neked
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

Dns cache poisoning upgrade to bind9.5.0p2

Hi again guys, It seems this is a global thing affecting all the DNS bind versions prior to July 28 2008. I have my work cut out for me very soon, I see at least a handful of servers in my list that either need to patching or upgrading. How many of you guys are affected? Anybody successfully... (4 Replies)
Discussion started by: sparcguy
4 Replies

2. IP Networking

DNS upgrade issues, bind9.5.0_P1

so we had bind 9.3.0... we upgraded to 9.5.0 patch 1 we kept the exact same named.conf now we have a problem that some DMZ server cant do lookups from our DNS slave anymore. in the named.log we see things like this: 22-Jul-2008 16:05:04.694 security: info: client <our DMZ servers... (2 Replies)
Discussion started by: robsonde
2 Replies

3. Cybersecurity

ssh X-forwarding and remote forwarding behind proxy

Hi, from my workplace we use a proxy to connect to the outside world, including external ssh servers. The problem is that the server is seeing the connection coming from the proxy and knows nothing about the client behind it. The ssh connection itself works fine, but x-forwarding does not work as... (1 Reply)
Discussion started by: vampirodolce
1 Replies

4. UNIX and Linux Applications

bind9 with ldap using dlz

Hello guys, can anyone help me with the below error I'm getting from bind9? I'm trying to make bind read all the zone info from openldap, I have already created the schema and I've put some info into the ldap. I have also tried to google the error with no success. I'm aware there is an problem... (1 Reply)
Discussion started by: yered
1 Replies

5. UNIX for Advanced & Expert Users

Can I use bind9 to resolve only ONE hostname in a zone?

Hi there, I have the following problem. I have a Debian server with bind9. I can also use my ISP DNS server through the internet box (192.168.1.1). I would like to fool my client workstation to a local machine when they query for one specific hostname within a domain. I want to let the... (5 Replies)
Discussion started by: kokonut95
5 Replies

6. Solaris

Bind9 DNS on Solaris 10 x4270 & CPU usage

I have configured a Bind9 DNS on a X4270 machine with Solaris10 I am excuting some repformance tests with DNSPERF tool and maximun CPU usage is 23%. I have seen with prstat -L -p PID that named process usses only 2 of the 8 available CPU at the same time although threads for all CPUs exist.... (2 Replies)
Discussion started by: parisph
2 Replies

7. UNIX for Dummies Questions & Answers

Bind9 non existing ip , time of query

how can i set default permission for nslookup, i have in my nslookup timeout = 0 retry = 3 port = 53 but i want to set it to : timeout = 2 retry = 2 port = 53 i'm using bind9 , where can i set the default timeout for it? thanks in advance (0 Replies)
Discussion started by: prpkrk
0 Replies

8. UNIX for Dummies Questions & Answers

BIND9 CNAME to External Domain

We're moving an app from a server in our domain to a server hosted by the vendor in their domain. This app had it's own domain setup that we're authoritative for. Do I need to create a new zone file? zone-vendor_com and set up the CNAME records in this file? Or if I can just edit the one I... (1 Reply)
Discussion started by: joeaverage
1 Replies

9. IP Networking

Bind9 DNSSEC and rollerd

Hi all, I've a litte problem to get rollerd running and signing my zones if the ZSK of my zones are near expiring or expired. rollerd is running but do nothing startet with: /usr/bin/perl /usr/sbin/rollerd -rrfile /etc/bind/all.rollrec -directory /etc/bind -logfile /dev/stdout ... (1 Reply)
Discussion started by: xabbu
1 Replies

LEARN ABOUT OSX

resolver

resolver(5)						      BSD File Formats Manual						       resolver(5)

NAME

     resolver -- resolver configuration file format

DESCRIPTION

     The resolver is a set of routines in the C library resolv(3) that provide access to the Internet Domain Name System (DNS).  A resolver con-
     figuration file contains information used to specify parameters for a DNS resolver client.  The file contains a list of keywords with values
     that provide various types of resolver information.

     Mac OS X supports a DNS search strategy that may involve multiple DNS resolver clients.  See the SEARCH STRATEGY section below for an over-
     view of multi-client DNS search.

     Each DNS client is configured using the contents of a single configuration file of the format described below, or from a property list sup-
     plied from some other system configuration database.  Note that the /etc/resolv.conf file, which contains configuration for the default (or
     "primary") DNS resolver client, is maintained automatically by Mac OS X and should not be edited manually.  Changes to the DNS configuration
     should be made by using the Network Preferences panel.

     The different configuration options are given below.

   nameserver
     Internet address (in dot notation for IPv4 or in colon notation for IPv6) of a name server that the resolver should query.  The address may
     optionally have a trailing dot followed by a port number.	For example, 10.0.0.17.55 specifies that the nameserver at 10.0.0.17 uses port 55.

     Up to MAXNS (currently 3) name servers may be listed, one per keyword.  If there are multiple servers, the resolver library queries them in
     the order listed.	The algorithm used is to try a name server, and if the query times out, try the next, until out of name servers, then
     repeat trying all the name servers until a maximum number of retries are made.

   port
     IP port number to be used for this resolver.  The default port is 53.  The port number for an individual nameserver may be specified as part
     of the nameserver address (see nameserver above) to override the default or the port number specified as a value for this keyword.

   domain
     Domain name associated with this resolver configuration.  This option is normally not required by the Mac OS X DNS search system when the
     resolver configuration is read from a file in the /etc/resolver directory.  In that case the file name is used as the domain name.  However,
     domain must be provided when there are multiple resolver clients for the same domain name, since multiple files may not exist having the same
     name.  See the SEARCH STRATEGY section for more details.

   search
     Search list for host-name lookup.	This parameter is only used by the "Super" DNS resolver, which manages the DNS search strategy amongst
     multiple DNS resolver clients.  Unqualified queries will be attempted using each component of the search list in turn until a match is found.
     Note that this process may be slow and will generate a lot of network traffic if the servers for the listed domains are not local, and that
     queries will time out if no server is available for one of the domains.

     The search list is currently limited to six domains with a total of 256 characters.

   search_order
     Only required for those clients that share a domain name with other clients.  Queries will be sent to these clients in order by ascending
     search_order value.  For example, this allows two clients for the ".local" domain, which is used by Apple's multicast DNS, but which may also
     be used at some sites as private DNS domain name.

   sortlist
     Sortlist allows addresses returned by gethostbyname to be sorted.	A sortlist is specified by IP address netmask pairs. The netmask is
     optional and defaults to the natural netmask of the net. The IP address and optional network pairs are separated by slashes. Up to 10 pairs
     may be specified. For example:

	    sortlist 130.155.160.0/255.255.240.0 130.155.0.0

   timeout
     Specifies the total amount of time allowed for a name resolution.	This time interval is divided by the number of nameservers and the number
     of retries allowed for each nameserver.

   options
     Options allows certain internal resolver variables to be modified.  The syntax is:

     options option ...

     where option is one of the following:

     debug    sets RES_DEBUG in the resolver options.

     timeout:n
	      sets the per-retry timeout for resolver queries.	The total timeout allowed for a query depends on the number of retries and the
	      number of nameservers.  This value is ignored if a total timeout is specified using the timeout keyword (see above).

     ndots:n  Sets a threshold for the number of dots which must appear in a name given to res_query (see resolver(3)) before an initial absolute
	      query will be made.  The default for n is ``1'', meaning that if there are any dots in a name, the name will be tried first as an
	      absolute name before any search list elements are appended to it.

	      The keyword and value must appear on a single line, and the keyword must start the line.	The value follows the keyword, separated
	      by white space.

SEARCH STRATEGY

     Mac OS X uses a DNS search strategy that supports multiple DNS client configurations.  Each DNS client has its own set of nameserver
     addresses and its own set of operational parameters.  Each client can perform DNS queries and searches independent of other clients.  Each
     client has a symbolic name which is of the same format as a domain name, e.g. "apple.com".  A special meta-client, known as the "Super" DNS
     client acts as a router for DNS queries.  The Super client chooses among all available clients by finding a best match between the domain
     name given in a query and the names of all known clients.

     Queries for qualified names are sent using a client configuration that best matches the domain name given in the query.  For example, if
     there is a client named "apple.com", a search for "www.apple.com" would use the resolver configuration specified for that client.	The match-
     ing algorithm chooses the client with the maximum number of matching domain components.  For example, if there are clients named "a.b.c", and
     "b.c", a search for "x.a.b.c" would use the "a.b.c" resolver configuration, while a search for "x.y.b.c" would use the "b.c" client.  If
     there are no matches, the configuration settings in the default client, generally corresponding to the /etc/resolv.conf file or to the "pri-
     mary" DNS configuration on the system are used for the query.

     If multiple clients are available for the same domain name, the clients ordered according to a search_order value (see above).  Queries are
     sent to these resolvers in sequence by ascending value of search_order.

     The configuration for a particular client may be read from a file having the format described in this man page.  These are at present located
     by the system in the /etc/resolv.conf file and in the files found in the /etc/resolver directory.	However, client configurations are not
     limited to file storage.  The implementation of the DNS multi-client search strategy may also locate client configuratins in other data
     sources, such as the System Configuration Database.  Users of the DNS system should make no assumptions about the source of the configuration
     data.

FILES

     /etc/resolv.conf, /etc/resolver/*

SEE ALSO

     gethostbyname(2), getaddrinfo(3), resolver(3)

Mac OS X							   June 6, 2003 							  Mac OS X
All times are GMT -4. The time now is 10:36 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy