"sinkhole" DNS with external hosts

Sergey Emantayev sergeem at yahoo.com
Sat Sep 19 13:37:31 UTC 2015


Hello DNS gurus,

I'm mastering a sinkhole DNS for a quarantine VLAN. My sinkhole DNS resolves any request to the same host - so that the quarantined clients get redirected to my server. I have following DNS configuration (running bind-9.8.2-0.17.rc1 on RHEL 6.4):

options {
        listen-on port 53 { 10.10.0.1;};
        // listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 10.10.0.0/24; };
        allow-transfer {"none";};
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type master;
        file "/var/named/named.sinkhole";
};

// include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

The file /var/named/named.sinkhole has following content:

$TTL 600
@       IN SOA  localhost root.localhost. (
                                        11      ; serial
                                        3H      ; refresh
                                        15M     ; retry
                                        1W      ; expire
                                        1D )    ; minimum
        IN NS   @
        IN A    10.10.0.1
*       IN A    10.10.0.1

So far this is working perfect.
I have a new requirement now - the quarantined client should have an access to an external host. I haved added following configuration to /etc/named.conf:

zone "test.com" IN {
        type master;
        file "/var/named/named.test";
};

/var/named/named.test:


$TTL 600
@       IN SOA  ns.test.com. root.localhost. (
                                        22      ; serial
                                        3H      ; refresh
                                        15M     ; retry
                                        1W      ; expire
                                        1D )    ; minimum
        IN NS   ns.test.com.
ns      IN A    10.10.0.1
www     IN A    X.X.X.X ;; X is replaced to an actual IP address

Unfortunately my naive approach did not work. "www.test.com" is still resolved to 10.10.0.1 and I see that the global zone "." is always hit unless I comment out the global zone definition.

I'm a bit new in DNS. Any help is appreciated. Ideally my DNS should delegate the "www.test.com" request and do not store its IP locally.
 
Many Thanks,

Sergey Emantayev


More information about the bind-users mailing list