"sinkhole" DNS with external hosts
Sergey Emantayev
sergeem at yahoo.com
Sat Sep 19 13:37:31 UTC 2015
Hello DNS gurus,
I'm mastering a sinkhole DNS for a quarantine VLAN. My sinkhole DNS resolves any request to the same host, so that the quarantined clients get redirected to my server. I have the following DNS configuration (running bind-9.8.2-0.17.rc1 on RHEL 6.4):
options {
        listen-on port 53 { 10.10.0.1; };
        // listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { 10.10.0.0/24; };
        allow-transfer { none; };
        recursion no;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// catch-all zone: every name not covered by a more specific zone lands here
zone "." IN {
        type master;
        file "/var/named/named.sinkhole";
};

// include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
The file /var/named/named.sinkhole has the following content:
$TTL 600
@       IN SOA  localhost root.localhost. (
                11      ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expire
                1D )    ; minimum
        IN NS   @               ; blank owner: inherits "@" (the apex) from the line above
        IN A    10.10.0.1
*       IN A    10.10.0.1       ; wildcard: any other name in this zone gets the sinkhole address
So far this is working perfectly.
I have a new requirement now: the quarantined client should have access to an external host. I have added the following configuration to /etc/named.conf:
zone "test.com" IN {
        type master;
        file "/var/named/named.test";
};
/var/named/named.test:
$TTL 600
@       IN SOA  ns.test.com. root.localhost. (
                22      ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expire
                1D )    ; minimum
        IN NS   ns.test.com.    ; blank owner: inherits "@" from the SOA line
ns      IN A    10.10.0.1
www     IN A    X.X.X.X         ; X.X.X.X is replaced with the actual IP address
Unfortunately my naive approach did not work. "www.test.com" is still resolved to 10.10.0.1 and I see that the global zone "." is always hit unless I comment out the global zone definition.
I'm a bit new to DNS. Any help is appreciated. Ideally my DNS should delegate the "www.test.com" request and not store its IP locally.
Many Thanks,
Sergey Emantayev
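An added illustration, not part of the post and not BIND code: a small Python model of how an authoritative server chooses which zone answers a query. An authoritative server consults the closest enclosing zone for the query name (the configured zone whose origin is the longest suffix of the name) and answers from that zone's data alone, so a wildcard in "." never applies to names under a separately configured "test.com". The model loads the records from the two zone files above, with a constructed TEST-NET-1 address standing in for the post's X.X.X.X, and includes an audit helper that lists which names escape the sinkhole address. Wildcard handling is deliberately simplified (owner match, then wildcard, then NXDOMAIN); the point it demonstrates is that carving out "test.com" also takes every other name under test.com away from the wildcard, so those names get NXDOMAIN from the carve-out zone rather than the sinkhole address.

```python
"""Model of closest-enclosing-zone lookup for the two-zone sinkhole layout.

Added example: not BIND code and not the post's own configuration; it does
not parse real zone files. Records mirror the two zone files in the post.
"""

SINKHOLE_IP = "10.10.0.1"
# Constructed placeholder (TEST-NET-1) standing in for the post's X.X.X.X.
CARVEOUT_IP = "192.0.2.10"

# Zones as {origin: {owner: [A records]}}; owners are relative to the origin,
# "@" is the apex, "*" the wildcard. An owner with an empty list models a name
# that exists (it has SOA/NS) but carries no A record.
ZONES = {
    ".": {"@": [SINKHOLE_IP], "*": [SINKHOLE_IP]},
    "test.com.": {"@": [], "ns": [SINKHOLE_IP], "www": [CARVEOUT_IP]},
}


def normalize(name: str) -> str:
    """Lower-case (DNS names are case-insensitive) and make absolute."""
    return name.lower().rstrip(".") + "."


def find_zone(qname: str) -> str:
    """Return the origin of the closest enclosing zone: the configured origin
    that is the longest suffix of qname. "." encloses everything."""
    q = normalize(qname)
    best = None
    for origin in ZONES:
        encloses = origin == "." or q == origin or q.endswith("." + origin)
        if encloses and (best is None or len(origin) > len(best)):
            best = origin
    if best is None:
        raise LookupError(f"no zone configured for {q}")
    return best


def lookup_a(qname: str):
    """Resolve an A query the way an authoritative server does: pick the
    closest enclosing zone, try the exact owner, then that zone's wildcard
    if it has one, else NXDOMAIN. No other zone's data is consulted.
    Returns (zone_origin, rcode, addresses)."""
    zone = find_zone(qname)
    records = ZONES[zone]
    q = normalize(qname)
    if q == zone:
        relative = "@"
    elif zone == ".":
        relative = q[:-1]                 # strip the trailing dot
    else:
        relative = q[: -len(zone) - 1]    # strip "." + origin
    if relative in records:
        return zone, "NOERROR", list(records[relative])   # NOERROR with [] = NODATA
    if "*" in records:
        return zone, "NOERROR", list(records["*"])
    return zone, "NXDOMAIN", []


def audit(names):
    """Return the names that do NOT land on the sinkhole address, with the
    zone and rcode that produced the answer. Useful for checking that only
    the intended carve-out escapes the quarantine."""
    escapes = {}
    for name in names:
        zone, rcode, addrs = lookup_a(name)
        if addrs != [SINKHOLE_IP]:
            escapes[name] = (zone, rcode, addrs)
    return escapes


if __name__ == "__main__":
    # Constructed sample names: one intended carve-out, one unrelated host,
    # and one name under test.com that the carve-out zone knows nothing about.
    for name in ["www.test.com", "updates.example", "mail.test.com"]:
        print(name, "->", lookup_a(name))
    print("escapes:", audit(["www.test.com", "updates.example", "mail.test.com"]))
```

Running the block shows that `www.test.com` is answered from the "test.com." zone with the carve-out address, any unrelated name falls through to the "." wildcard and the sinkhole address, and `mail.test.com` gets NXDOMAIN from "test.com." rather than the sinkhole, which is the side effect of carving out a whole zone that an operator should expect and check for.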