Forward zone inside a view

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Feb 7 18:39:50 UTC 2019


On 07.02.19 14:58, Roberto Carna wrote:
>In our company we have several desktops from two different cities accessing
>only to internal domains distributed in two views in a private BIND with
>authoritative zones, where I've defined "recursion no;".
>
>But now we have to let them access to *.teamviewer.com hostnames, just this
>public domain and not other.

btw, when did linux.org change to teamviewer.com?

>So I've implemented the forwarding of "teamviewer.com" zone to our BIND
>resolvers servers (they forward DNS queries to 8.8.8.8). So I've created a
>third view with this information in named.conf.local:
>
>acl internet { 10.0.0.0/24 };
>
>view "internet" {
>
>   match-clients { internet; key "custom"; };
>
> recursion yes;
>
> zone "teamviewer.com" {
>
>        type forward;
>
>        forward only;
>
>        forwarders {
>
>                172.18.1.1;
>
>                172.18.1.2;
>
>        };
>
>};


>I defined "recursion yes" but the BIND servers forwards all the public
>domains queries to our resolvers and not just for "teamviewer.com", so it
>doesn't work. And if I change for "recursion no", the query
>www.teamviewer.com is refused and at the client side appears an error
>telling that recursion is necessary.

of course, BIND will resolve other domains (recurse) only when you allow it
to recurse.

>So I let desktops resolve all the Internet domains or neither, and this is
>not what I want because I just want to let them resolve just teamviewer.com.
>
>How can I do to forward only teamviewer.com zone queries to my resolvers???

what is the point of running DNS server with only two hostnames allowed to
resolve?

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains? 


More information about the bind-users mailing list