bind_dlz and views and samba

Peter Carlson peter at howudodat.com
Wed May 15 15:21:55 UTC 2024


As I understand it, bind_dlz does not support multiple views. I have the 
following scenario and am trying to figure out how to configure it:

  * Internal (192.168.10.0/24)
      o resolve internal domain xyz.com
      o resolve internal samba domain xyz.lab
      o resolve single address xyz.3cx.us to 192.168.10.25
  * External is resolved by a different server and xyz.3cx.us resolves
    to a public address
  * VPN (10.9.0.0/24)
      o resolve internal domain xyz.com
      o resolve internal samba domain xyz.lab
      o resolve single address xyz.3cx.us via normal public dns or
        alternatively resolve to external address

I initially set this up with views:

>     acl internals { 192.168.10.0/24; 192.168.11.0/24; localhost; };
>     acl vpn   { 10.9.0.0/24; };
>
>     view trusted {
>         match-clients { internals; };
>         zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
>         zone "3cx.us" IN { type master; file "/etc/bind/db.3cx.us"; allow-update { none; }; };
>     };
>
>     view vpn {
>         match-clients { vpn; };
>         zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
>     };

But this crashes as soon as I add:

> dlz "AD DNS Zone" {
>      database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_18.so";
> };

So I split out DNS from the ADDC, configured bind on the DC to forward to 
another DNS and set up views there, but that doesn't work either, as all 
requests now come from the IP of the DC and so the ACLs won't match.

Any ideas how I can accomplish this?

Peter
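One arrangement that fits the three requirements listed in the post, added here as an example and not the poster's own configuration: the view-capable BIND is the server that LAN and VPN clients point at, and each view carries a forward-only zone for xyz.lab that hands AD queries to the DC, whose own BIND runs the DLZ module without any views. The DC address 192.168.10.2 and the zone file paths are assumed placeholders.

```conf
// Front-end resolver that clients query (added example, not the poster's config).
// The Samba DC at 192.168.10.2 (assumed placeholder) runs its own BIND with the
// dlz_bind9 module and no views; it only needs to answer for xyz.lab and can
// forward everything else back to this server.
acl internals { 192.168.10.0/24; 192.168.11.0/24; localhost; };
acl vpn       { 10.9.0.0/24; };

options {
    recursion yes;
    allow-recursion { internals; vpn; };
    // Queries this server forwards to the DC carry this server's source address.
    // That is acceptable here because the DC no longer needs per-client ACLs.
};

view trusted {
    match-clients { internals; };
    recursion yes;
    // Internal copy of the public domain.
    zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
    // Local override so xyz.3cx.us resolves to 192.168.10.25 on the LAN.
    zone "3cx.us" IN { type master; file "/etc/bind/db.3cx.us"; allow-update { none; }; };
    // AD zone: hand off to the DC's DLZ-backed BIND instead of hosting it here.
    zone "xyz.lab" IN { type forward; forward only; forwarders { 192.168.10.2; }; };
};

view vpn {
    match-clients { vpn; };
    recursion yes;
    zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
    // No 3cx.us zone in this view, so xyz.3cx.us is resolved through normal
    // public DNS and VPN clients get the public address.
    zone "xyz.lab" IN { type forward; forward only; forwarders { 192.168.10.2; }; };
};
```

Domain members still send their dynamic DNS updates straight to the DC, since they locate the primary from the SOA record the DC returns for xyz.lab, so the front end needs no allow-update for that zone.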
