Using bind to provide a dns redirector
Alex Sharaz
A.Sharaz at hull.ac.uk
Fri Mar 5 17:23:57 UTC 2010
Hi all,
I'm looking to implement a dns redirector using bind 9 and need a wee bit of
help.
We have a wired 802.1x network setup here. By default if a user hasn't
configured 802.1x on their PC their machine gets dropped into an
unauthenticated VLAN where our DHCP server hands out different DNS server IP
addresses to the rest of the University.
I'm currently using a product called DNS redirector for the unauthenticated
VLAN but am having some loading problems hence the query re implementing my
requirements in bind.
Here's what I'm currently doing:-
1). We want users to have access to windows update and app update sites
even from the unauth VLAN
2). Whatever else they try and get to via a browser, the host address gets
resolved to a Hull IP address. The browser therefore connects to a local web
server which hands out a page saying "You need to configure your machine in
order to access the Internet ......."
Apart from the loading issues the whole thing works quite well.
So ...
Getting bind to always resolve to a single IP address was quite easy.
In named.conf
// root zone served locally: every name falls under this zone
zone "." {
    type master;
    file "db.redir";
};
// local zone for hull.ac.uk names
zone "hull.ac.uk" {
    type master;
    file "db.hull";
};
In db.redir
$TTL 60
@ In SOA localhost. Root.localhost. ( ......)
@ IN NS localhost.
* IN A 150.237.47.203
So anything I try and resolve returns 47.203
db.hull is similar but lets me add some extra hull addresses for local
services we might want students to access.
I thought that adding
zone "Microsoft.com" {
    type forward;
    forwarders { a.b.c.d; e.f.g.h; };
    forward only;
};
Would let me pass queries for anything in Microsoft.com off to our real
servers, but the zone "." overrides the above and everything resolves back
to my 47.203 address.
So, any thoughts as to how I might persuade bind to correctly resolve
hostnames in a list of specified domains?
TIA
Alex
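
Added example, not part of the original post: a simplified Python model of the lookup order behind the behaviour described above, where the authoritative root wildcard answers before the Microsoft.com forward zone is ever consulted. The zone-selection logic, the db.hull record and the variant that delegates microsoft.com out of the root zone are assumptions of this example, not configuration from the post.

```python
# Simplified model of the lookup order (an assumption of this example, not
# BIND source): authoritative zone data is consulted first, and a forward
# zone is only used once the lookup hits a zone cut and needs recursion.
REDIRECT_IP = "150.237.47.203"                              # wildcard A record in db.redir
FORWARD_ZONES = {"microsoft.com": ["a.b.c.d", "e.f.g.h"]}   # placeholders from the post

def labels(name):
    name = name.lower().rstrip(".")
    return name.split(".") if name else []

def closest(qname, candidates):
    """Return the longest name in candidates that encloses qname, else None."""
    q = labels(qname)
    hits = [c for c in candidates if q[len(q) - len(labels(c)):] == labels(c)]
    return max(hits, key=lambda c: len(labels(c)), default=None)

def resolve(qname, auth_zones, forward_zones=FORWARD_ZONES):
    zone = closest(qname, auth_zones)
    cut = None if zone is None else closest(qname, auth_zones[zone].get("delegations", []))
    if zone is None or cut is not None:
        # Not authoritative for this name: recursion, where forward zones apply.
        fwd = closest(qname, forward_zones)
        return ("forward", forward_zones[fwd]) if fwd is not None else ("recurse", None)
    data = auth_zones[zone]
    fqdn = ".".join(labels(qname))
    if fqdn in data.get("records", {}):
        return ("authoritative", data["records"][fqdn])
    if "wildcard" in data:
        return ("authoritative", data["wildcard"])
    return ("nxdomain", None)

# Zones as configured in the post (the db.hull record is constructed sample data).
AS_POSTED = {
    ".": {"wildcard": REDIRECT_IP},
    "hull.ac.uk": {"wildcard": REDIRECT_IP, "records": {"portal.hull.ac.uk": "192.0.2.10"}},
}
# Assumption: same zones, plus NS records in db.redir delegating microsoft.com.
WITH_DELEGATION = {**AS_POSTED, ".": {"wildcard": REDIRECT_IP, "delegations": ["microsoft.com"]}}

if __name__ == "__main__":
    for label, zones in (("as posted", AS_POSTED), ("with delegation", WITH_DELEGATION)):
        for name in ("www.microsoft.com", "www.example.org", "portal.hull.ac.uk"):
            print(f"{label:16} {name:22} -> {resolve(name, zones)}")
```

In the model, a delegated name stops matching the root wildcard because it sits below a zone cut, so only the listed domains reach the forwarders while everything else still resolves to the redirect address.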