Wildcard SRV record?

Mark Andrews marka at isc.org
Mon Oct 31 22:04:59 UTC 2016


In message <CADdUxCw0VkFMM=ngsjzr-mZrBdAub_81aPdPGoD-J_EtMaERKg at mail.gmail.com>, Stephen Pape writes:
> That doesn't work for me. When machine1.domain1.foo tries to look up
> the SRV record, it queries for _vlmcs._tcp.domain1.foo. Bind doesn't
> have that record, so it doesn't work.

Well add it.

If you need change control independent of domain1.foo then get
_vlmcs._tcp.domain1.foo delegated to you and set up a zone rather
like this.

_vlmcs._tcp.domain1.foo. 3600 SOA ...
_vlmcs._tcp.domain1.foo. 3600 NS ...
_vlmcs._tcp.domain1.foo. 3600 NS ...
_vlmcs._tcp.domain1.foo. 3600 SRV ...

or set up dynamic update with the right permission and use nsupdate
to modify the records using SIG(0).

_vlmcs._tcp.domain1.foo. 3600 KEY ...

update-policy {
	grant * self * SRV KEY;
};

Which allows someone with the matching private key to update the
SRV and KEY records for records with names which match the KEY's
name.

update-policy {
	grant * selfsub *;
};

This allows a host once a KEY record is added to update its address
records and add SRV and other records below itself using SIG(0).

If you put a key record at the zone apex you can use that to add
KEY records for each of the hosts to let them control their own DNS
presence.

Mark

> On Mon, Oct 31, 2016 at 1:08 PM, Eldridge, Rod A [ITNET]
> <rod at iastate.edu> wrote:
> >
> > Wouldn't you just need this one SRV record:
> >
> > _vlmcs._tcp.foo IN SRV 0 0 1688 ais-dc01.ainfosec.com.
> >
> > [ see https://blogs.technet.microsoft.com/odsupport/2011/11/14/how-to-discover-office-and-windows-kms-hosts-via-dns-and-remove-unauthorized-instances/ ]
> >
> >
> > --
> > Rod Eldridge
> > Networks & Communications
> > IT Services, Iowa State University of Science and Technology
> >
> >
> >
> >> On Oct 31, 2016, at 11:35 AM, Stephen Pape <srpape at gmail.com> wrote:
> >>
> >> Hello all,
> >>
> >> I have bind configured with a single TLD (.foo), and inside that are
> >> records for a large number of subdomains (machine1.a.foo,
> >> machine2.a.foo, machine1.b.foo, machine2.b.foo, etc.). DHCP clients
> >> are assigned a domain based on some factors, but it might be a.foo,
> >> b.foo, c.foo, etc.
> >>
> >> I'm trying to add a SRV record for everyone under .foo. I've tried:
> >>
> >> _vlmcs._tcp.*.foo.        IN      SRV     0 0 1688 ais-dc01.ainfosec.com.
> >>
> >> ... but it seems that wildcards don't work that way. I've tried
> >> something similar with CNAMEs, but that didn't work either.
> >>
> >> What DOES work is adding a CNAME record for each and every domain that
> >> I need. So a CNAME for _vlmcs._tcp.a.foo, _vlmcs._tcp.b.foo, etc.
> >>
> >> Is there a better way for me to do this, or do I have to generate a
> >> whole lot of specific CNAME records?
> >>
> >> Thanks!
> >>
> >> -Stephen
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
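
Added example, not part of the message above and not BIND's own code: a simplified Python model of how the two update-policy rules quoted in the reply decide whether a SIG(0)-signed update is granted. It assumes identity `*`, models only the `self` and `selfsub` rule types, and all function and constant names are hypothetical.

```python
# Simplified model (added example) of BIND update-policy "self" and "selfsub"
# rules with identity "*". Names here are hypothetical, not BIND internals.

# Types a rule with no explicit type list does not match (BIND ARM).
EXCLUDED_BY_DEFAULT = {"RRSIG", "NS", "SOA", "NSEC", "NSEC3"}

# The two policies from the message, as (ruletype, explicit types).
SELF_SRV_KEY = ("self", frozenset({"SRV", "KEY"}))  # grant * self * SRV KEY;
SELFSUB_ANY = ("selfsub", frozenset())              # grant * selfsub *;


def norm(name):
    """Compare names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def at_or_below(name, parent):
    """True if name equals parent or is under it on a label boundary."""
    name, parent = norm(name), norm(parent)
    return name == parent or name.endswith("." + parent)


def update_allowed(rule, key_name, owner, rrtype):
    """Would a SIG(0) update signed by key_name be granted for owner/rrtype?"""
    ruletype, types = rule
    if ruletype == "self":
        name_ok = norm(owner) == norm(key_name)
    elif ruletype == "selfsub":
        name_ok = at_or_below(owner, key_name)
    else:
        raise ValueError("only self and selfsub are modelled")
    rrtype = rrtype.upper()
    type_ok = rrtype in types if types else rrtype not in EXCLUDED_BY_DEFAULT
    return name_ok and type_ok


if __name__ == "__main__":
    kms_key = "_vlmcs._tcp.domain1.foo."   # KEY owner name from the message
    host_key = "machine1.domain1.foo."     # constructed host KEY name
    checks = [
        (SELF_SRV_KEY, kms_key, "_vlmcs._tcp.domain1.foo.", "SRV"),
        (SELF_SRV_KEY, kms_key, "_vlmcs._tcp.domain2.foo.", "SRV"),
        (SELF_SRV_KEY, kms_key, "_vlmcs._tcp.domain1.foo.", "A"),
        (SELFSUB_ANY, host_key, "_vlmcs._tcp.machine1.domain1.foo.", "SRV"),
        (SELFSUB_ANY, host_key, "domain1.foo.", "SRV"),
        (SELFSUB_ANY, host_key, "xmachine1.domain1.foo.", "A"),
    ]
    for rule, key, owner, rrtype in checks:
        verdict = "grant" if update_allowed(rule, key, owner, rrtype) else "deny"
        print(f"{verdict:5} {rule[0]:7} key={key} update={owner} {rrtype}")
```

The last two checks show the scoping that matters for least privilege: a host key under `selfsub` cannot touch its parent domain or a sibling whose name merely ends in the same characters.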

