"sinkhole" DNS with external hosts

Sergey Emantayev sergeem at yahoo.com
Fri Sep 18 22:17:05 UTC 2015 

Hello DNS gurus,
I'm mastering a sinkhole DNS for a quarantine VLAN. My sinkhole DNS resolves any request to the same host - so that the quarantined clients get redirected to my server. I have following DNS configuration (running bind-9.8.2-0.17.rc1 on RHEL 6.4):
options {        listen-on port 53 { 10.10.0.1;};        // listen-on-v6 port 53 { ::1; };        directory       "/var/named";        dump-file       "/var/named/data/cache_dump.db";        statistics-file "/var/named/data/named_stats.txt";        memstatistics-file "/var/named/data/named_mem_stats.txt";        allow-query     { 10.10.0.0/24; };        allow-transfer {"none";};        recursion no;
        dnssec-enable yes;        dnssec-validation yes;        dnssec-lookaside auto;
        /* Path to ISC DLV key */        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";};
logging {        channel default_debug {                file "data/named.run";                severity dynamic;        };};
zone "." IN {        type master;        file "/var/named/named.sinkhole";};
// include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
The file /var/named/named.sinkhole has following content:
$TTL 600@       IN SOA  localhost root.localhost. (                                        11      ; serial                                        3H      ; refresh                                        15M     ; retry                                        1W      ; expire                                        1D )    ; minimum        IN NS   @        IN A    10.10.0.1*       IN A    10.10.0.1
So far this is working perfect.I have a new requirement now - the quarantined client should have an access to an external host. I haved added following configuration to /etc/named.conf:
zone "test.com" IN {        type master;        file "/var/named/named.test";};
/var/named/named.test:

$TTL 600@       IN SOA  ns.test.com. root.localhost. (                                        22      ; serial                                        3H      ; refresh                                        15M     ; retry                                        1W      ; expire                                        1D )    ; minimum        IN NS   ns.test.com.ns      IN A    10.10.0.1www     IN A    X.X.X.X ;; X is replaced to an actual IP address
Unfortunately my naive approach did not work. "www.test.com" is still resolved to 10.10.0.1 and I see that the global zone "." is always hit unless I comment out the global zone definition.
I'm a bit new in DNS. Any help is appreciated. Ideally my DNS should delegate the "www.test.com" request and do not store its IP locally. Many Thanks,Sergey Emantayev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150918/cb248d5e/attachment-0001.html>

More information about the bind-users mailing list