have a question of using bind9 for local proxy server

Matus UHLAR - fantomas uhlar at fantomas.sk
Mon Mar 2 14:48:42 UTC 2015


On 25.02.15 19:53, Junyoung Park wrote:
>I am trying to configure a local proxy, views-based authoritative DNS server.
>
>I use an iptables redirect of dport 53 to the local machine for the local proxy.
>
>The recursion view config is...
>
>view "internal" {
>    // an address match list refers to an ACL by name; assumes
>    // acl internal { ... }; is defined earlier in named.conf
>    match-clients { internal; };
>    recursion yes;
>
>    zone "." {
>        type hint;
>        file "named.ca";
>    };
>    zone "test.com" {
>        type master;
>        file "db.test";
>    };
>};
>
>In this situation,
>if the incoming query is for "example.com", the queries will go to the root DNS
>servers (iteratively).
>
>But I want to send the query to the client's original destination.
>(If the client PC's DNS server is set to 8.8.8.8, I want to send it to 8.8.8.8 instead
>of the root DNS servers.)
>(I can't use the forward/forwarders option because I don't know the client's
>DNS server setting.)

That would be insecure. Any of your clients could send a DNS query to a
malicious server and the others would get bad DNS data.

...while DNSSEC would avoid this issue, it would then be simply useless to
do this.

My recommendation: don't redirect DNS traffic. Either allow it or block it.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*


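To make that objection concrete, here is an added Python model (not from the thread and not BIND code) of a resolver that picks the upstream from each client's original destination but keeps one cache for all clients; the IP addresses and the `example.com` answers are constructed for the example.

```python
"""Model of the shared-cache risk described in the reply above: the upstream is
chosen per client, but the cache is shared. Constructed data; no network I/O."""
from typing import Callable, Dict, Optional

# Constructed upstreams, keyed by the destination IP the client addressed.
# 192.0.2.53 answers honestly; 203.0.113.53 is a server under hostile control.
UPSTREAMS: Dict[str, Dict[str, str]] = {
    "192.0.2.53": {"example.com": "192.0.2.10"},      # genuine answer
    "203.0.113.53": {"example.com": "203.0.113.66"},  # forged answer
}

def query_upstream(upstream_ip: str, name: str) -> Optional[str]:
    """Stand-in for an iterative or forwarded lookup against one upstream."""
    return UPSTREAMS.get(upstream_ip, {}).get(name)

class SharedCacheResolver:
    """Recursive resolver with a single cache shared by every client.
    pick_upstream decides which upstream serves a cache miss."""
    def __init__(self, pick_upstream: Callable[[str], str]) -> None:
        self.pick_upstream = pick_upstream
        self.cache: Dict[str, str] = {}

    def resolve(self, name: str, client_original_dst: str) -> Optional[str]:
        if name in self.cache:            # cache hit: same answer for every client
            return self.cache[name]
        answer = query_upstream(self.pick_upstream(client_original_dst), name)
        if answer is not None:
            self.cache[name] = answer     # whoever filled the cache first wins
        return answer

def redirect_to_original_dst() -> SharedCacheResolver:
    """The design asked about: trust whatever server each client addressed."""
    return SharedCacheResolver(pick_upstream=lambda dst: dst)

def fixed_trusted_upstream(upstream_ip: str = "192.0.2.53") -> SharedCacheResolver:
    """Upstream chosen by the server's own configuration, never by the client."""
    return SharedCacheResolver(pick_upstream=lambda _dst: upstream_ip)

def run_scenario(resolver: SharedCacheResolver) -> Dict[str, Optional[str]]:
    """A hostile client queries first, then an honest client that used 8.8.8.8."""
    return {
        "hostile_client": resolver.resolve("example.com", "203.0.113.53"),
        "honest_client": resolver.resolve("example.com", "8.8.8.8"),
    }

if __name__ == "__main__":
    print("redirect to original dst:", run_scenario(redirect_to_original_dst()))
    print("fixed trusted upstream:  ", run_scenario(fixed_trusted_upstream()))
```

With the redirect design the honest client receives 203.0.113.66 from the cache the hostile client filled; with a server-chosen upstream both clients get 192.0.2.10.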