views

Alberto Rinaudo alberto.rinaudo at gmail.com
Wed Apr 19 14:11:01 UTC 2017


I understand the concept, but I'm not sure I fully understand how to
configure it.
I've updated my bind to 9.11 P05 compiled with "--with-ecdsa", and as far
as I can read EDNS is enabled for authoritative bind installations
automatically.
But I'm still getting wrong answers from my installation.
Here are my configurations:

named.conf:
options {
  listen-on port 53 { any; };
  listen-on-v6 port 53 { any; };
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  allow-recursion { internal; };
  allow-query { any; };
  allow-query-cache { none; };
};
acl internal {
  service_server_subnet/24;
  service_server_wan_ip;
};
view "internal" {
  match-clients { internal; };
  zone "example.net" IN {
    type master;
    file "/etc/named/example.net.internal";
  };
};
view "external" {
  match-clients { any; };
  zone "example.net" IN {
    type master;
    file "/etc/named/example.net.external";
  };
};



example.net.external:
$TTL 3600
example.net. IN SOA ns1.example.net. example.net. (
    2001062501
    21600
    3600
    604800
    3600 )
example.net. IN NS ns1.example.net.
example.net. IN NS ns2.example.net.
example.net. IN MX 10 mx.zoho.com.
example.net. IN MX 20 mx2.zoho.com.
ns1.example.net. IN A bind_wan_ip
ns2.example.net. IN A bind_wan_ip
example.net. IN A service_server_wan_ip
www.example.net. IN CNAME example.net.
mail.example.net. IN A service_server_wan_ip
mail.example.net. IN MX 10 mail.example.net.
mail.example.net. IN SPF "v=spf1 +a +mx +include:mail.example.net -all"
service.example.net. IN A service_server_wan_ip



example.net.internal:
$TTL 3600
example.net. IN SOA ns1.example.net. example.net. (
    2001062501
    21600
    3600
    604800
    3600 )
example.net. IN NS ns1.example.net.
example.net. IN NS ns2.example.net.
example.net. IN MX 10 mx.zoho.com.
example.net. IN MX 20 mx2.zoho.com.
ns1.example.net. IN A bind_wan_ip
ns2.example.net. IN A bind_wan_ip
example.net. IN A service_server_lan_ip
www.example.net. IN CNAME example.net.
mail.example.net. IN A service_server_lan_ip
mail.example.net. IN MX 10 mail.example.net.
mail.example.net. IN SPF "v=spf1 +a +mx +include:mail.example.net -all"
service.example.net. IN A service_server_wan_ip



When I dig my subdomain, however, I get these replies:
# dig +noall +answer service.example.net @ns1.example.net
service.example.net.    3600    IN    A    service_server_lan_ip
# dig +noall +answer service.example.net @8.8.8.8
service.example.net.    3599    IN    A    service_server_wan_ip

Can you spot anything wrong with it?
Thanks


On 19 April 2017 at 09:37, Tony Finch <dot at dotat.at> wrote:

> Alberto Rinaudo <alberto.rinaudo at gmail.com> wrote:
>
> > I have a bind installation on an AWS server and I'm trying to set up views
> > to give different responses based on the source location.
> >
> > It works fine when this dns server is the first dns used by a client, I
> > guess because the source address used to discriminate between views is the
> > last hop.
> >
> > If the query goes first to google dns instead I end up in the wrong view.
> >
> > So here's the question: is it possible to use the original source address
> > to choose the view?
>
> This is what the EDNS client subnet option is about. You can use it in
> BIND by adding "ecs" clauses to your address match lists for views or
> acls. However it isn't documented in the ARM and it has significant
> problems. See
> https://kb.isc.org/article/AA-01432/0/BIND-9.11.0-Release-Notes.html
> and especially
> https://kb.isc.org/article/AA-01480/0/BIND-9.11.1rc3-Release-Notes.html
>
> EDNS client subnet specification:
> https://tools.ietf.org/html/rfc7871
>
> Google Public DNS support for ECS on authoritative servers:
> https://groups.google.com/forum/#!topic/public-dns-announce/67oxFjSLeUM
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
> Viking, North Utsire: Southwesterly 5 or 6, decreasing 4 at times. Slight or
> moderate. Rain at times. Good, occasionally poor.
>
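
The option the quoted reply points to, as an added example that is not part of the original thread and is not BIND's own code: the RFC 7871 client-subnet option a resolver attaches to a query, and a view choice that uses it instead of the last-hop address. The addresses, the `select_view` helper and the rule of believing ECS only from listed resolvers are assumptions for illustration; the option itself is unauthenticated, so any sender can claim any subnet.

```python
import ipaddress
import struct

ECS = 8  # EDNS option code for Client Subnet (RFC 7871)
FAMILIES = {1: (ipaddress.IPv4Network, 4), 2: (ipaddress.IPv6Network, 16)}

def build_ecs(subnet):
    """Encode the option as a resolver would place it in the OPT RDATA."""
    net = ipaddress.ip_network(subnet)
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]  # truncated
    body = struct.pack("!HBB", 1 if net.version == 4 else 2, net.prefixlen, 0) + addr
    return struct.pack("!HH", ECS, len(body)) + body

def parse_ecs(opt_rdata):
    """Return the client subnet carried in OPT RDATA, or None without ECS."""
    pos = 0
    while pos + 4 <= len(opt_rdata):
        code, length = struct.unpack_from("!HH", opt_rdata, pos)
        body = opt_rdata[pos + 4:pos + 4 + length]
        pos += 4 + length
        if code != ECS:
            continue
        if len(body) != length or length < 4:
            raise ValueError("truncated ECS option")
        family, source_len, _scope = struct.unpack_from("!HBB", body)
        cls, size = FAMILIES.get(family, (None, 0))
        if cls is None or source_len > size * 8 or length - 4 != (source_len + 7) // 8:
            raise ValueError("malformed ECS option")
        # strict=True rejects address bits set beyond the source prefix
        return cls((body[4:].ljust(size, b"\x00"), source_len), strict=True)
    return None

def select_view(source_ip, opt_rdata, internal_nets, ecs_resolvers):
    """Choose a view; ECS is believed only when a listed resolver sent it."""
    src = ipaddress.ip_address(source_ip)
    client = ipaddress.ip_network(src)  # default: the last hop, as in the post
    subnet = parse_ecs(opt_rdata)
    if subnet is not None and any(src in r for r in ecs_resolvers):
        client = subnet  # original client subnet, as asserted by the resolver
    inside = any(client.version == n.version and client.subnet_of(n)
                 for n in internal_nets)
    return "internal" if inside else "external"

# Constructed addresses (documentation ranges), not values from the thread.
INTERNAL = [ipaddress.ip_network("203.0.113.0/24")]   # stands in for the internal acl
RESOLVERS = [ipaddress.ip_network("198.51.100.53/32")]  # public resolver egress
```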