"sinkhole" DNS with external hosts
Sergey Emantayev
sergeem at yahoo.com
Fri Sep 18 22:17:05 UTC 2015
Hello DNS gurus,
I'm mastering a sinkhole DNS for a quarantine VLAN. My sinkhole DNS resolves any request to the same host, so that the quarantined clients get redirected to my server. I have the following DNS configuration (running bind-9.8.2-0.17.rc1 on RHEL 6.4):
options {
        listen-on port 53 { 10.10.0.1; };
        // listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { 10.10.0.0/24; };
        allow-transfer { "none"; };
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type master;
        file "/var/named/named.sinkhole";
};

// include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
The file /var/named/named.sinkhole has the following content:
$TTL 600
@       IN SOA  localhost root.localhost. (
                        11      ; serial
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expire
                        1D )    ; minimum
        IN NS   @
        IN A    10.10.0.1
*       IN A    10.10.0.1
So far this is working perfectly. I have a new requirement now: the quarantined client should have access to an external host. I have added the following configuration to /etc/named.conf:
zone "test.com" IN {
        type master;
        file "/var/named/named.test";
};

/var/named/named.test:

$TTL 600
@       IN SOA  ns.test.com. root.localhost. (
                        22      ; serial
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expire
                        1D )    ; minimum
        IN NS   ns.test.com.
ns      IN A    10.10.0.1
www     IN A    X.X.X.X         ;; X is replaced with the actual IP address
Unfortunately my naive approach did not work. "www.test.com" is still resolved to 10.10.0.1 and I see that the global zone "." is always hit unless I comment out the global zone definition.
I'm a bit new to DNS. Any help is appreciated. Ideally my DNS should delegate the "www.test.com" request and not store its IP locally.

Many thanks,
Sergey Emantayev
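The question above turns on which zone an authoritative server uses to answer a query when both a root sinkhole zone with a wildcard and a more specific zone are loaded. The following small model, added here as an example (it is not from the original post and is not BIND's code), implements the RFC 1034 rule an authoritative server follows: the query is answered from the closest enclosing configured zone (longest matching suffix), and a wildcard only synthesises answers for names that fall inside its own zone. The zone data is constructed from the two zone files in the post, with the external address X.X.X.X replaced by the documentation address 192.0.2.10 (an assumption). Names such as `ftp.test.com` and `anything.example.org` are constructed test inputs.

```python
"""Toy model of authoritative zone selection and wildcard synthesis.

Added example, not from the original post or from BIND. It models two
RFC 1034 rules: (1) a query is answered from the closest enclosing
configured zone, i.e. the zone whose name is the longest suffix of the
query name; (2) a wildcard record only applies to names inside that same
zone, so a wildcard in "." never answers for names under "test.com".
"""
from typing import Dict, Optional

# Constructed zone data mirroring the thread. 192.0.2.10 stands in for the
# external address X.X.X.X (assumption; RFC 5737 documentation range).
ZONES: Dict[str, Dict[str, str]] = {
    ".":         {"@": "10.10.0.1", "*": "10.10.0.1"},   # named.sinkhole
    "test.com.": {"ns": "10.10.0.1", "www": "192.0.2.10"},  # named.test
}


def normalize(name: str) -> str:
    """Lower-case the name and make it fully qualified (trailing dot)."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def closest_zone(qname: str, zones: Dict[str, Dict[str, str]]) -> Optional[str]:
    """Return the configured zone whose name is the longest suffix of qname."""
    qname = normalize(qname)
    best: Optional[str] = None
    for zone in zones:
        # "." encloses everything; any other zone must match on a label boundary.
        if zone == "." or qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


def resolve_a(qname: str, zones: Dict[str, Dict[str, str]] = ZONES) -> Optional[str]:
    """Answer an A query the way an authoritative server would for these zones.

    Returns the address, or None when the chosen zone has no matching record
    (NODATA/NXDOMAIN). Note that a miss inside "test.com" does NOT fall back
    to the wildcard in ".", because "test.com" is the closest enclosing zone.
    """
    zone = closest_zone(qname, zones)
    if zone is None:
        return None
    records = zones[zone]
    qname = normalize(qname)
    if qname == zone:
        owner = "@"                       # zone apex
    elif zone == ".":
        owner = qname[:-1]                # whole name, minus trailing dot
    else:
        owner = qname[: -(len(zone) + 1)]  # strip ".<zone>" suffix
    if owner in records:
        return records[owner]
    # Simplified wildcard handling: any name in the zone without an exact
    # match is synthesised from "*" if the zone defines one.
    return records.get("*")


if __name__ == "__main__":
    for q in ("www.test.com", "ns.test.com", "ftp.test.com", "anything.example.org"):
        print(f"{q:24} zone={closest_zone(q, ZONES)!s:10} A={resolve_a(q)}")
```

Running the block shows `www.test.com` answered from the `test.com` zone with the external address, `anything.example.org` caught by the root wildcard, and `ftp.test.com` returning no address at all, since the wildcard in "." does not reach into the more specific zone. Comparing this expected behaviour with what `dig @10.10.0.1 www.test.com` returns from the real server is a quick way to tell whether the zone is actually being loaded as intended.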