Using bind to provide a dns redirector

schilling schilling2006 at gmail.com
Fri Mar 5 21:27:48 UTC 2010


http://netreg.sourceforge.net/contrib/NetReg-1.5.1-HowTo.pdf

Page 18.

Schilling

On Fri, Mar 5, 2010 at 12:23 PM, Alex Sharaz <A.Sharaz at hull.ac.uk> wrote:
> Hi all,
>
> I'm looking to implement a dns redirector using bind 9 and need a wee bit of
> help.
>
> We have a wired 802.1x network setup here. By default if a user hasn't
> configured 802.1x on their PC their machine gets dropped into an
> unauthenticated VLAN where our DHCP server hands out different DNS server IP
> addresses to the rest of the University.
>
> I'm currently using a product called DNS redirector for the unauthenticated
> VLAN but am having some loading problems hence the query re implementing my
> requirements in bind.
>
> Here's what I'm currently doing:-
>
> 1). We want users to have access to windows update and app update sites
> even from the unauth VLAN
> 2). Whatever else they try and get to via a browser, the host address gets
> resolved to a Hull IP address. The browser therefore connects to a local web
> server which hands out a page saying "You need to configure your machine in
> order to access the Internet ......."
>
> Apart from the loading issues the whole thing works quite well.
>
> So ...
>
> Getting bind to always resolve to a single IP address was quite easy.
>
> In named.conf
>
> zone "." {
>  type master;
>  file "db.redir";
> };
>
> zone "hull.ac.uk" {
>  type master;
>  file "db.hull";
> };
>
> In db.redir
> $TTL 60
> @       In      SOA     localhost. Root.localhost. ( ......)
>
> @       IN      NS      localhost.
>
> *       IN      A       150.237.47.203
>
> So anything I try and resolve returns 47.203
>
> db.hull is similar but lets me add some extra hull addresses for local
> services we might want students to access.
>
> I thought that adding
>
> zone "Microsoft.com" {
>  type forward;
>  forwarders {a.b.c.d; e.f.g.h;};
>  forward only;
> };
>
> Would let me pass queries for anything in Microsoft.com off to our real
> servers, but the zone "." overrides the above and everything resolves back
> to my 47.203 address.
>
>
> So, any thoughts as to how I might persuade bind to correctly resolve
> hostnames in a list of specified domains?
>
> TIA
> Alex
>
>
>
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
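One common way to get the behaviour asked for above, shown as an added example that is not part of the thread or of the NetReg how-to: named answers from its authoritative "." zone before any forwarding is considered, so each allow-listed domain needs a delegation (NS record) in db.redir to stop the wildcard matching beneath it. Assumptions: recursion is enabled for the unauthenticated VLAN's clients, `fwd-ns` is a hypothetical host name, and a.b.c.d / e.f.g.h are the thread's own placeholders for the real resolvers.

```conf
// ---- named.conf (added example) ----
zone "." {
    type master;
    file "db.redir";
};

zone "hull.ac.uk" {
    type master;
    file "db.hull";
};

// One forward zone per domain that must resolve for real.
zone "microsoft.com" {
    type forward;
    forward only;
    forwarders { a.b.c.d; e.f.g.h; };   // placeholders from the thread
};

; ---- db.redir (zone-file syntax, comments start with ';') ----
$TTL 60
@                      IN SOA localhost. root.localhost. ( ......)  ; values elided in the thread
@                      IN NS  localhost.

; Catch-all: every name not otherwise present resolves to the local
; "configure your machine" web server.
*                      IN A   150.237.47.203

; Delegation for each allow-listed domain. A zone cut means the wildcard
; no longer applies at or below microsoft.com, so named gets a referral
; from its own root zone, has to recurse, and the matching forward zone
; is then used for that recursion.
microsoft.com.         IN NS  fwd-ns.microsoft.com.   ; hypothetical name
fwd-ns.microsoft.com.  IN A   a.b.c.d                 ; glue, placeholder address
```

Check the files with `named-checkconf` and `named-checkzone . db.redir` before reloading. Afterwards a `dig` against this server for a name under microsoft.com should return real addresses, while any other name should still return 150.237.47.203.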


