bind-users Digest, Vol 2011, Issue 1

Christian Kette chriswaeldchen at outlook.de
Sun Jan 4 13:20:33 UTC 2015


I forgot to mention, this is actually the case

The proxy has a different IP on each network.

2015-01-04 13:00 GMT+01:00 <bind-users-request at lists.isc.org>:

> Today's Topics:
>
>    1. Re: BIND9 Return different IP address based on subnet
>       (Christian Kette)
>    2. Re: BIND9 Return different IP address based on subnet
>       (Matus UHLAR - fantomas)
>    3. RE: can't-resolve (Mohammed Ejaz)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 3 Jan 2015 19:24:47 +0100
> From: Christian Kette <chriswaeldchen at outlook.de>
> To: "Jeremy C. Reed" <jreed at isc.org>, bind-users at lists.isc.org
> Subject: Re: BIND9 Return different IP address based on subnet
> Message-ID: <BLU437-SMTP59E4422D3E2444EAC7B263A45A0 at phx.gbl>
> Content-Type: text/plain; charset="utf-8"
>
> I have found a workaround.
> I defined a different zone for every network
>
> My config files are now
>
> /etc/bind/named.conf
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
>
> /etc/bind/named.conf.local
>
> view "local" {
>     match-clients { localhost; };
>     zone "home.lan" IN {
>         type master;
>         file "/etc/bind/db.home.lan";
>     };
> };
> view "ext" {
>     match-clients { 192.168.2.0/24;};
>     zone "home2.lan" IN {
>         type master;
>         file "/etc/bind/db.rev.2.168.192.in-addr.arpa";
>     };
> };
> view "wlan0" {
>     match-clients { 192.168.3.0/24;};
>     zone "home3.lan" IN {
>         type master;
>         file "/etc/bind/db.rev.3.168.192.in-addr.arpa";
>     };
> };
> view "wlan00" {
>     match-clients {192.168.4.0/24;};
>     zone "home4.lan" IN {
>         type master;
>         file "/etc/bind/db.rev.4.168.192.in-addr.arpa";
>     };
> };
> view "wlan01" {
>     match-clients {192.168.5.0/24;};
>     zone "home5.lan" IN {
>         type master;
>         file "/etc/bind/db.rev.5.168.192.in-addr.arpa";
>     };
> };
> view "int" {
>     match-clients {192.168.10.0/24;};
>     zone "home10.lan" IN {
>         type master;
>         file "/etc/bind/db.rev.10.168.192.in-addr.arpa";
>     };
> };
>
> /etc/bind/db.rev.10.168.192.in-addr.arpa
>
> ; IP Address-to-Host DNS Pointers for the 192.168.10 subnet
> home10.lan. IN SOA DEV.home10.lan. hostmaster.home10.lan. (
>         2013120101 ; serial
>         8H ; refresh
>         4H ; retry
>         4W ; expire
>         1D ; minimum
>     )
> ; define the authoritative name server
> home10.lan. IN NS DEV.home10.lan.
> home10.lan. IN MX 10 DEV.home10.lan.
>
> localhost IN A 127.0.0.1
> DEV IN A 192.168.10.1
> router IN A 192.168.10.1
> proxy IN CNAME DEV.home10.lan.
> wpad IN A 192.168.10.1
>
>
>
> 2014-12-28 19:59 GMT+01:00 <chriswaeldchen at outlook.de>:
>
> > Thank you for the helpful answer.
> > I changed the file /etc/bind/named.conf.local to
> >
> > view "local" {
> >     match-clients { 127.0.0.1; };
> >     zone "home.lan" IN {
> >         type master;
> >         file "/etc/bind/db.home.lan";
> >     };
> > };
> > view "ext" {
> >     match-clients { 192.168.2.0/24;};
> >     zone "2.168.192.in-addr.arpa" {
> >         type master;
> >         file "/etc/bind/db.rev.2.168.192.in-addr.arpa";
> >     };
> > };
> > view "wlan0" {
> >     match-clients { 192.168.3.0/24;};
> >     zone "3.168.192.in-addr.arpa" {
> >         type master;
> >         file "/etc/bind/db.rev.3.168.192.in-addr.arpa";
> >     };
> > };
> > view "wlan00" {
> >     match-clients {192.168.4.0/24;};
> >     zone "4.168.192.in-addr.arpa" {
> >         type master;
> >         file "/etc/bind/db.rev.4.168.192.in-addr.arpa";
> >     };
> > };
> > view "wlan01" {
> >     match-clients {192.168.5.0/24;};
> >     zone "5.168.192.in-addr.arpa" {
> >         type master;
> >         file "/etc/bind/db.rev.5.168.192.in-addr.arpa";
> >     };
> > };
> > view "int" {
> >     match-clients {192.168.10.0/24;};
> >     zone "10.168.192.in-addr.arpa" {
> >         type master;
> >         file "/etc/bind/db.rev.10.168.192.in-addr.arpa";
> >     };
> > };
> >
> >
> > But now I get Non-existent domain error  (on the raspberry machine) for
> > - nslookup localhost
> > - nslookup DEV.home.lan
> >
> > I don't understand why it can find neither the localhost nor the
> > DEV.home.lan entry in /etc/bind/db.home.lan
> >
> >
> >
> > 2014-12-27 22:57 GMT+01:00 Jeremy C. Reed <jreed at isc.org>:
> >
> >> On Sat, 27 Dec 2014, Christian Kette wrote:
> >>
> >> > I have some questions. Q1: Why do I get the IP address "192.168.2.100" for
> >> > "DEV.home.lan" from both the 192.168.2.0/24 and the 192.168.10.0/24 network?
> >>
> >> The view that matches first is used.
> >>
> >> > #include "/etc/bind/named.conf.default-zones";
> >> ...
> >> > Q2: What exactly are these zones in the file for? Do I need them?
> >>
> >> You didn't include the file in the email. But I found a copy via google
> >> which may be the same.  You probably don't need it. (For example, the
> >> priming hints are builtin to named.)
> >>
> >>
> >
>
> ------------------------------
>
> Message: 2
> Date: Sat, 3 Jan 2015 23:53:23 +0100
> From: Matus UHLAR - fantomas <uhlar at fantomas.sk>
> To: bind-users at lists.isc.org
> Subject: Re: BIND9 Return different IP address based on subnet
> Message-ID: <20150103225323.GA32310 at fantomas.sk>
> Content-Type: text/plain; charset=us-ascii; format=flowed
>
> On 03.01.15 19:24, Christian Kette wrote:
> >I have found a workaround.
> >I defined a different zone for every network
>
> I repeat: you don't need views when having different zones.
>
> You would need views if you had the same zone with different content.
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> The early bird may get the worm, but the second mouse gets the cheese.
>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 4 Jan 2015 08:43:30 +0300
> From: "Mohammed Ejaz" <mejaz at cyberia.net.sa>
> To: "'Warren Kumari'" <warren at kumari.net>,      "'Barry Margolin'"
>         <barmar at alum.mit.edu>
> Cc: comp-protocols-dns-bind at isc.org
> Subject: RE: can't-resolve
> Message-ID: <0e0701d027e1$611d4f20$2357ed60$@cyberia.net.sa>
> Content-Type: text/plain;       charset="us-ascii"
>
>
> Hello, all.
>
> Now everything is fine once the port > 1024 opened from the network
> firewall.  So it means not only port 53 is required to be open.
>
>
>
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org
> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Ejaz
> Sent: Sunday, December 28, 2014 11:10 AM
> To: 'Warren Kumari'; 'Barry Margolin'
> Cc: comp-protocols-dns-bind at isc.org
> Subject: RE: can't-resolve
>
> Thanks for the suggestion
>
> I am sure there is no firewall at all.  Also, see, I have now reassigned my
> previous IP, which is 212.119.64.12; after that everything is fine. It
> wouldn't have worked with this IP if there were a firewall on the box??
>
> Regards,
> Mohammed Ejaz
> CYBERIAR SAUDI ARABIA
> P.O.Box 301079, Riyadh 11372, Saudi Arabia
> Tel: +966 11 464 7114 Ext. 140
> Fax: +966 11 465 4735
>
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org
> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Warren Kumari
> Sent: Saturday, December 27, 2014 2:27 AM
> To: Barry Margolin
> Cc: comp-protocols-dns-bind at isc.org
> Subject: Re: can't-resolve
>
> Also, from querying from the outside (with TCP):
>
>  ~# dig +tcp www.auth-servers.net   @212.119.64.228
> ; <<>> DiG 9.10.1-P1 <<>> +tcp www.auth-servers.net @212.119.64.228
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20716
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.auth-servers.net.          IN      A
>
> ;; Query time: 8260 msec
> ;; SERVER: 212.119.64.228#53(212.119.64.228)
> ;; WHEN: Fri Dec 26 18:18:30 EST 2014
> ;; MSG SIZE  rcvd: 49
>
> Then trying the same query a few seconds later:
> dig +tcp www.auth-servers.net   @212.119.64.228
>
> ; <<>> DiG 9.10.1-P1 <<>> +tcp www.auth-servers.net @212.119.64.228
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> This really looks like a firewall -- perhaps there is some firewall software
> on the box itself?
>
> W
>
>
> On Fri, Dec 26, 2014 at 6:17 PM, Warren Kumari <warren at kumari.net> wrote:
> > What OS is this machine running?
> >
> > Interestingly enough, it is unpingable, and a quick nmap fingerprints
> > it as:
> > Running: Sun Solaris 8
> > OS CPE: cpe:/o:sun:sunos:5.8
> > OS details: Sun Solaris 8 (SPARC)
> >
> > nmap could only find one open port (TCP 53 :-)) and so its
> > fingerprinting is unreliable, but it *does* look like you are behind a
> > firewall type device.
> > It is unusual for machines themselves to not respond to pings.
> >
> > fpdns says:
> > fingerprint (212.119.64.228, 212.119.64.228): ISC BIND 9.2.3rc1 --
> > 9.6.1-P1 [recursion enabled]
> >
> >
> >
> > On Fri, Dec 26, 2014 at 5:55 PM, Barry Margolin <barmar at alum.mit.edu> wrote:
> >> In article <mailman.1330.1419633581.26362.bind-users at lists.isc.org>,
> >>  "Ejaz" <mejaz at cyberia.net.sa> wrote:
> >>
> >>> I am sure, sir, there is no firewall on the server; you can make
> >>> sure by telnet to port 53 of this IP 212.119.64.228
> >>
> >> That doesn't mean anything. The firewall may be blocking OUTGOING
> >> packets to port 53, or they're blocking the returning replies (which
> >> go to an ephemeral port).
> >>
> >>>
> >>>
> >>> Regards,
> >>> Mohammed Ejaz
> >>> CYBERIAR SAUDI ARABIA
> >>> P.O.Box 301079, Riyadh 11372, Saudi Arabia
> >>> Tel: +966 11 464 7114 Ext. 140
> >>> Fax: +966 11 465 4735
> >>>
> >>> -----Original Message-----
> >>> From: bind-users-bounces at lists.isc.org
> >>> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Matus UHLAR -
> >>> fantomas
> >>> Sent: Friday, December 26, 2014 7:35 PM
> >>> To: bind-users at lists.isc.org
> >>> Subject: Re: can't-resolve
> >>>
> >>> On 26.12.14 19:21, Ejaz wrote:
> >>> >When I run "dig a yahoo.com @212.119.64.228", below is the output.
> >>> >
> >>> >yahoo.com. (38)
> >>> >17:39:41.363532 IP 212.119.64.228.37891 > 212.119.64.228.domain: 34168+ [1au] A? yahoo.com. (38)
> >>> >17:39:42.246993 IP 212.119.64.228.53702 > 192.5.5.241.domain: 58238 [1au] A? yahoo.com. (38)
> >>> >17:39:42.247012 IP 212.119.64.228.45701 > 192.5.5.241.domain: 13223 [1au] NS? . (28)
> >>> >17:39:43.047148 IP 212.119.64.228.43795 > 128.63.2.53.domain: 1539 A? yahoo.com. (27)
> >>> >17:39:43.047154 IP 212.119.64.228.55178 > 128.63.2.53.domain: 56002 NS? . (17)
> >>> >17:39:43.847447 IP 212.119.64.228.61664 > 192.58.128.30.domain: 165 A? yahoo.com. (27)
> >>> >17:39:43.847542 IP 212.119.64.228.30239 > 192.58.128.30.domain: 11435 NS? . (17)
> >>> >17:39:44.995096 IP 212.119.64.228.24477 > 199.7.83.42.domain: 25645 [1au] A? yahoo.com. (38)
> >>> >17:39:44.995162 IP 212.119.64.228.22170 > 199.7.83.42.domain: 44767 [1au] NS? . (28)
> >>> >17:39:45.897226 IP 212.119.64.228.35574 > 199.7.91.13.domain: 29284 A? yahoo.com. (27)
> >>> >17:39:45.897233 IP 212.119.64.228.36946 > 199.7.91.13.domain: 17626 NS? . (17)
> >>> >17:39:46.363642 IP 212.119.64.228.37891 > 212.119.64.228.domain: 34168+ [1au] A? yahoo.com. (38)
> >>> >17:39:46.370282 IP 212.119.64.228.domain > 212.119.64.228.37891: 34168 ServFail 0/0/1 (38)
> >>>
> >>> These are just outgoing DNS requests, no replies coming back.
> >>> Are you sure there is no firewall, or "security" gateway between
> >>> your server and the world?
> >>>
> >>>
> >>> --
> >>> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> >>> Warning: I wish NOT to receive e-mail advertising to this address.
> >>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> >>> 42.7 percent of all statistics are made up on the spot.
> >>> _______________________________________________
> >>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> >>> unsubscribe from this list
> >>>
> >>> bind-users mailing list
> >>> bind-users at lists.isc.org
> >>> https://lists.isc.org/mailman/listinfo/bind-users
> >>
> >> --
> >> Barry Margolin
> >> Arlington, MA
> >
> >
> >
> > --
> > I don't think the execution is relevant when it was obviously a bad
> > idea in the first place.
> > This is like putting rabid weasels in your pants, and later expressing
> > regret at having chosen those particular rabid weasels and that pair
> > of pants.
> >    ---maf
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad idea in
> the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair of
> pants.
>    ---maf
> ------------------------------
>
>
> End of bind-users Digest, Vol 2011, Issue 1
> *******************************************
>
>
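The check applied to the tcpdump trace quoted above (outgoing DNS queries with no replies coming back), as an added example that is not part of the original thread: it pairs each query the resolver sends upstream with a reply addressed to the same ephemeral port and DNS ID, and lists what never came back. The sample lines are constructed in the trace's format with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# tcpdump text output: "<time> IP <src>.<port> > <dst>.<port>: <id>[flags] <rest>"
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP (?P<src>\S+)\.(?P<sport>\w+) > "
    r"(?P<dst>\S+)\.(?P<dport>\w+): (?P<id>\d+)[+%*|-]* (?P<rest>.*)$"
)
QUESTION = re.compile(r"(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)")
DNS_PORTS = {"53", "domain"}  # tcpdump prints "domain" unless run with -n

def unanswered_queries(lines, resolver_ip):
    """Queries the resolver sent upstream that got no reply on the same
    (upstream, ephemeral port, DNS id). Returns tuples in send order."""
    pending = {}
    for line in lines:
        m = LINE.match(line.strip())
        if m is None:
            continue
        if m["sport"] in DNS_PORTS and m["dst"] == resolver_ip:
            # Reply from port 53 to our ephemeral port: clear the match.
            pending.pop((m["src"], m["dport"], m["id"]), None)
        elif (m["dport"] in DNS_PORTS and m["src"] == resolver_ip
              and m["dst"] != resolver_ip):  # skip local client -> resolver
            q = QUESTION.search(m["rest"])
            if q:
                pending[(m["dst"], m["sport"], m["id"])] = (q["qtype"], q["qname"])
    return [key + val for key, val in pending.items()]

def upstreams_with_lost_replies(lines, resolver_ip):
    """Count unanswered queries per upstream server."""
    return dict(Counter(u for u, *_ in unanswered_queries(lines, resolver_ip)))

# Constructed sample: one upstream never answers, one does.
SAMPLE = """\
17:39:41.363532 IP 192.0.2.53.37891 > 192.0.2.53.domain: 34168+ [1au] A? example.com. (40)
17:39:42.246993 IP 192.0.2.53.53702 > 198.51.100.1.domain: 58238 [1au] A? example.com. (40)
17:39:42.247012 IP 192.0.2.53.45701 > 198.51.100.1.domain: 13223 [1au] NS? . (28)
17:39:43.047148 IP 192.0.2.53.43795 > 203.0.113.9.domain: 1539 A? example.com. (29)
17:39:43.051200 IP 203.0.113.9.domain > 192.0.2.53.43795: 1539 1/0/0 A 203.0.113.80 (45)
17:39:46.370282 IP 192.0.2.53.domain > 192.0.2.53.37891: 34168 ServFail 0/0/1 (40)
""".splitlines()

if __name__ == "__main__":
    for row in unanswered_queries(SAMPLE, "192.0.2.53"):
        print("no reply:", row)
```

If every upstream shows lost replies while the queries are visible leaving the host, the return path to the ephemeral source ports is the first thing to check on the firewall.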