Using bind to provide a dns redirector

Alex Sharaz A.Sharaz at hull.ac.uk
Fri Mar 5 17:23:57 UTC 2010


Hi all,

I'm looking to implement a dns redirector using bind 9 and need a wee bit of
help.

We have a wired 802.1x network setup here. By default if a user hasn't
configured 802.1x on their PC their machine gets dropped into an
unauthenticated VLAN where our DHCP server hands out different DNS server IP
addresses to the rest of the University.

I'm currently using a product called DNS redirector for the unauthenticated
VLAN but am having some loading problems hence the query re implementing my
requirements in bind.

Here's what I'm currently doing:-

1). We want users to have access to Windows update and app update sites
even from the unauth VLAN
2). Whatever else they try and get to via a browser, the host address gets
resolved to a Hull IP address. The browser therefore connects to a local web
server which hands out a page saying "You need to configure your machine in
order to access the Internet ......."

Apart from the loading issues the whole thing works quite well.

So ...

Getting bind to always resolve to a single IP address was quite easy.

In named.conf

zone "." {
    type master;
    file "db.redir";
};

zone "hull.ac.uk" {
    type master;
    file "db.hull";
};

In db.redir
$TTL 60
@	In	SOA	localhost. Root.localhost. ( ......)

@	IN	NS	localhost.

*	IN	A	150.237.47.203

So anything I try and resolve returns 47.203

db.hull is similar but lets me add some extra hull addresses for local
services we might want students to access.

I thought that adding

zone "Microsoft.com" {
    type forward;
    forwarders { a.b.c.d; e.f.g.h; };
    forward only;
};

would let me pass queries for anything in Microsoft.com off to our real
servers, but the zone "." overrides the above and everything resolves back
to my 47.203 address.


So, any thoughts as to how I might persuade bind to correctly resolve
hostnames in a list of specified domains?

TIA
Alex
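
An added example, not part of the original post: a small model of the standard lookup order in an authoritative zone (RFC 1034 section 4.3.2), where a zone cut is checked before the "*" record is used. It assumes the listed domains are delegated with NS records inside db.redir, which the post's configuration does not do; ns.real.invalid., 192.0.2.53 and the sample domain list are placeholders.

```python
"""Model of authoritative lookup in a wildcard "." zone (RFC 1034 4.3.2).

Covers only the "*" record and delegations; other record types are ignored.
"""

REDIRECT_IP = "150.237.47.203"   # wildcard A record from the post's db.redir


def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def lookup(qname, delegated=()):
    """Return ("referral", cut) if qname is at or below a delegated name,
    otherwise ("answer", REDIRECT_IP) synthesised from the "*" record.

    The zone-cut check comes first: a wildcard never covers names at or
    below a delegation, so delegated domains escape the redirect.
    """
    q = labels(qname)
    if not q:
        return ("nodata", None)   # the apex itself holds only SOA/NS
    cuts = {tuple(labels(d)) for d in delegated}
    # Walk down from the root one label at a time, matching whole labels only.
    for depth in range(1, len(q) + 1):
        suffix = tuple(q[-depth:])
        if suffix in cuts:
            return ("referral", ".".join(suffix) + ".")
    return ("answer", REDIRECT_IP)


def delegation_lines(domains, ns_host="ns.real.invalid.", ns_ip="192.0.2.53"):
    """Zone-file lines for db.redir; ns_host and ns_ip are placeholders."""
    lines = [f"{'.'.join(labels(d))}.\tIN\tNS\t{ns_host}" for d in sorted(domains)]
    # Glue: without an explicit A record the NS host would itself match "*".
    return lines + [f"{ns_host}\tIN\tA\t{ns_ip}"]


if __name__ == "__main__":
    allowed = ["Microsoft.com", "windowsupdate.com"]   # constructed sample list
    for name in ["www.microsoft.com", "example.org", "notmicrosoft.com"]:
        print(name, lookup(name), lookup(name, allowed))
    print("\n".join(delegation_lines(allowed)))
```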



