Zone hints for VPN environments
Andreas Meile
mailingliste at andreas-meile.ch
Mon Feb 15 08:35:55 UTC 2016
Hello BIND users
Assume the following situation: Pure IPv4 environment, my own network
running behind a NAT uses the zone "intra.example.com" and has a Linux box
with 192.168.6.2 running named for that zone as well as
6.168.192.in-addr.arpa.
Assume a second, completely separate corporate network, also behind a NAT,
where an Active Directory DNS server for the zone "intra.example.net" is
running on a server 10.55.2.3 (this server also provides
2.55.10.in-addr.arpa, of course).
Let's connect both these networks over a VPN tunnel, i.e. 192.168.6.0/24 is
routed to 10.55.2.0/24 and vice versa.
The basic problem: In a standard BIND setup, my DNS server is not able to
resolve resources from "intra.example.net" since it's not allowed to put
    $ORIGIN example.net.
    intra IN NS adpdc1.intra.example.net.
    adpdc1.intra IN A 10.55.2.3
into the public (worldwide reachable) example.net DNS zone.
The question is: How can I place the Active Directory DNS as a forwarding
DNS server in such a way that it is responsible for a specific DNS zone
only? I need something like
    zone "intra.example.com" in {
        type master;
        file "intra.example.com.zone";
    };
    zone "2.168.192.in-addr.arpa" in {
        type master;
        file "192.168.2.zone";
    };
    // VPN to corporate #1's LAN
    forwarders (filter = intra.example.net|2.55.10.in-addr.arpa) {
        10.55.2.3;
    };
    // VPN to corporate #2's LAN
    forwarders (filter = intra.example.org|55.77.10.in-addr.arpa) {
        10.77.55.4;
    };
    // Default forwarders (my ISP's DNS servers) for all other queries
    forwarders {
        192.0.2.44; 198.51.100.2;
    };
Or do I have to use
    // Zone hints to corporate #1's intranet
    zone "intra.example.net." {
        type hint;
        file "corporate1_dns.subroot";
    };
    zone "2.55.10.in-addr.arpa." {
        type hint;
        file "corporate1_dns.subroot";
    };
    // Zone hints to corporate #2's intranet
    zone "intra.example.org." {
        type hint;
        file "corporate2_dns.subroot";
    };
    zone "55.77.10.in-addr.arpa." {
        type hint;
        file "corporate2_dns.subroot";
    };
    // Default public hints as usual from
    // ftp://ftp.internic.net/domain/named.cache
    zone "." {
        type hint;
        file "named.cache";
    };

    $ cat corporate1_dns.subroot
    adpdc1.intra.example.net. 3600000 IN A 10.55.2.3
    $ cat corporate2_dns.subroot
    pdc1.intra.example.org. 3600000 IN A 10.77.55.4
for exactly that scenario?
Thanks in advance for answers.
Andreas
--
"127.0.0.1, what is that? I only know ::1!" - www.swissipv6council.ch
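The per-zone forwarding asked for above exists in BIND 9 as zones of `type forward`. The named.conf fragment below is an added example, not part of the original post, using the zone names and addresses from the post's description (the local LAN is taken to be 192.168.6.0/24 as stated there):

```conf
// Added example: conditional forwarding per zone in BIND 9 named.conf.
// Zone names and addresses are the ones given in the post above.
options {
    // Default for everything not matched by a more specific zone below:
    // send it to the ISP's resolvers.
    forwarders { 192.0.2.44; 198.51.100.2; };
    forward only;
    // Only the local LAN may use this resolver.
    allow-query     { 127.0.0.1; 192.168.6.0/24; };
    allow-recursion { 127.0.0.1; 192.168.6.0/24; };
};

// Zones this server is authoritative for.
zone "intra.example.com" {
    type master;
    file "intra.example.com.zone";
};
zone "6.168.192.in-addr.arpa" {
    type master;
    file "192.168.6.zone";
};

// Corporate #1: only this subtree is handed to the AD DNS over the VPN.
// "forward only" is deliberate: with "forward first", a forwarder that is
// down or slow lets named fall back to normal recursion, and queries for
// internal names would then be sent to the public DNS.
zone "intra.example.net" {
    type forward;
    forward only;
    forwarders { 10.55.2.3; };
};
zone "2.55.10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 10.55.2.3; };
};

// Corporate #2, same pattern.
zone "intra.example.org" {
    type forward;
    forward only;
    forwarders { 10.77.55.4; };
};
zone "55.77.10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 10.77.55.4; };
};
```

Run `named-checkconf` on the result before reloading; note that a `type hint` zone exists to seed the root server list, whereas `type forward` is the mechanism BIND provides for handing a subtree to specific servers, and if example.net is DNSSEC-signed and this resolver validates, answers for the unsigned internal subzone will fail validation unless that subtree is excluded (BIND 9.14 and later provide `validate-except` for this).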