How to configure, dig command support +subnet
Darren Ankney
darren.ankney at gmail.com
Tue Dec 13 11:32:46 UTC 2022
It seems like you might also need "match-destinations" to be defined, at least that is how I interpret this: https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-match-destinations
> On Dec 13, 2022, at 5:47 AM, 徐娅 <xuya2011 at gmail.com> wrote:
>
> 25-Nov-2022 23:30:32.924 running on Linux x86_64 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020
> 25-Nov-2022 23:30:32.924 built with '--prefix=/usr/local/bind-9.18.9' '--enable-largefile' '--enable-epoll' '--enable-full-report' '--disable-doh' '--enable-dnsrps-dl' '--enable-dnsrps'
> 25-Nov-2022 23:30:32.924 running as: named -c named.conf -fg
> 25-Nov-2022 23:30:32.924 compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-39)
> 25-Nov-2022 23:30:32.924 compiled with OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
> 25-Nov-2022 23:30:32.924 linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
> 25-Nov-2022 23:30:32.924 compiled with zlib version: 1.2.7
> 25-Nov-2022 23:30:32.924 linked to zlib version: 1.2.7
> 25-Nov-2022 23:30:32.924 ----------------------------------------------------
> 25-Nov-2022 23:30:32.924 BIND 9 is maintained by Internet Systems Consortium,
> 25-Nov-2022 23:30:32.924 Inc. (ISC), a non-profit 501(c)(3) public-benefit
> 25-Nov-2022 23:30:32.924 corporation. Support and training for BIND 9 are
> 25-Nov-2022 23:30:32.924 available at https://www.isc.org/support
>
>
> # cat named.conf
> ... ...
> ... ...
> options {
> listen-on port 353 { any; };
> listen-on-v6 port 353 { any; };
> directory "/root/edns/named";
> allow-query { any; };
> allow-recursion { any; };
>
> empty-zones-enable no;
>
> pid-file "/root/edns/named/run/named.pid";
>
> };
>
> view "aaa" {
> match-clients { 10.105.0.0/16; };
> zone "abc.com" {
> type master;
> file "aaa/abc.com";
> };
> };
>
> view "bbb" {
> match-clients { 10.106.0.0/26; };
> zone "abc.com" {
> type master;
> file "bbb/abc.com";
> };
> };
>
> view "idc-default" {
> match-clients { any; };
> zone "abc.com" {
> type master;
> file "any/abc.com";
> };
> };
>
> # cat named/aaa/abc.com
> ... ...
> www 600 IN TXT aaa
>
> # cat named/bbb/abc.com
> www 600 IN TXT bbb
>
> # cat named/ccc/abc.com
> www 600 IN TXT ccc
>
> # dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2
>
> ; <<>> DiG 9.18.9 <<>> @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7948
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: 075abe1b7a9c177a010000006380ded9dc3ca0fc1bae43d4 (good)
> ; CLIENT-SUBNET: 10.105.2.2/32/0
> ;; QUESTION SECTION:
> ;txt.abc.com. IN TXT
>
> ;; ANSWER SECTION:
> txt.abc.com. 600 IN TXT "any"
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#353(127.0.0.1) (UDP)
> ;; WHEN: Fri Nov 25 23:27:21 CST 2022
> ;; MSG SIZE rcvd: 99
>
> I expect +subnet=10.105.2.2, return aaa, but returned any
>
> # dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2
> any
> I expect +subnet=10.106.3.3, return bbb, but returned any
>
> # dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.106.3.3
> any
>
> How do I change named.conf?
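Added example, not part of the original thread and not BIND's own code: a small model of first-match view selection using the view order and prefixes from the quoted named.conf. It assumes named evaluates match-clients against the packet's source address (127.0.0.1 in the dig runs above) rather than the CLIENT-SUBNET option, which is consistent with the "any" answers shown; `select_view` and `explain` are hypothetical names.

```python
import ipaddress

# View order and match-clients prefixes copied from the quoted named.conf.
VIEWS = [
    ("aaa", ["10.105.0.0/16"]),
    ("bbb", ["10.106.0.0/26"]),
    ("idc-default", ["0.0.0.0/0", "::/0"]),  # match-clients { any; }
]


def select_view(address, views=VIEWS):
    """Return the first view whose match-clients list contains address."""
    ip = ipaddress.ip_address(address)
    for name, prefixes in views:
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if ip.version == net.version and ip in net:
                return name
    return None  # no view matched


def explain(source, ecs):
    """Compare the view picked by packet source (assumed behaviour) with
    the view the ECS address itself would land in."""
    ecs_address = ecs.split("/")[0]  # accept "10.105.2.2" or "10.105.2.2/32"
    return {
        "by_source": select_view(source),
        "by_ecs_address": select_view(ecs_address),
    }


if __name__ == "__main__":
    # Source and +subnet values taken from the dig commands in the thread.
    for ecs in ("10.105.2.2", "10.106.3.3"):
        print(ecs, explain("127.0.0.1", ecs))
```

In this model 10.106.3.3 lies outside 10.106.0.0/26, so it falls through to idc-default even when the ECS address itself is evaluated.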