CNAME with RPZ pointing to RPZ A record ?

devzero at web.de devzero at web.de
Tue May 9 10:27:23 UTC 2017


Hello, 

We have lots of internal extra zones on our DNS for development overrides.

I came across RPZ in BIND, which looks interesting to us because we could drop tons of extra zones and put everything in a rpz-development-override zone file.

I tried RPZ and I can successfully put in an A record or CNAME pointing to "any" IP or FQHN.

We use lots of CNAME aliases for server virtual host name aliases, i.e.

myserver         IN A           1.2.3.4
myserver-vhost1	 IN CNAME	myserver.
myserver-vhost2	 IN CNAME	myserver.
myserver-vhost3	 IN CNAME	myserver.

How can we do that with RPZ?

Apparently I can use A records and CNAME in RPZ zone file, but as soon as I create a CNAME which points to an A record within the RPZ zone file, it doesn't resolve:

rpz-zonefile:
<snipp>
www.this-is-a-test.de	CNAME 	www.google.de.
www.this-is-another-test.de   A	1.2.3.4
www.this-doesnt-work.de CNAME www.this-is-another-test.de.


# nslookup www.this-is-a-test.de
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
www.this-is-a-test.de	canonical name = www.google.de.
Name:	www.google.de
Address: 172.217.18.3

# nslookup www.this-is-another-test.de
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
Name:	www.this-is-another-test.de
Address: 1.2.3.4

# nslookup www.this-doesnt-work.de
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find www.this-doesnt-work.de: NXDOMAIN


May  9 12:16:44 nameserverhost named[2902]: client 127.0.0.1#51602 (www.dies-ist-ein-test.de): rpz QNAME Local-Data rewrite www.this-is-a-test.de via www.this-is-a-test.de.rpz-development-overrides
May  9 12:16:52 nameserverhost named[2902]: client 127.0.0.1#53888 (www.dies-ist-noch-ein-test.de): rpz QNAME Local-Data rewrite www.this-is-another-test.de via www.this-is-another-test.de.rpz-development-overrides
May  9 12:16:59 nameserverhost named[2902]: client 127.0.0.1#37241 (www.wieso-funktioniert-das-nicht.de): rpz QNAME Local-Data rewrite www.this-doesnt-work.de via www.this-doesnt-work.de.rpz-development-overrides


regards
roland 
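
Added example, not part of the original post and not BIND project code: given the behaviour reported above (a policy-zone CNAME whose target exists only as an A record in the same policy zone returns NXDOMAIN, while plain A records are rewritten as expected), one workaround is to flatten such aliases into A records before loading the zone. The name flatten_rpz and the sample text are constructed for illustration; the parser assumes one-line A/CNAME records with owner names relative to the policy zone origin, as in the post.

```python
import re

# Constructed sample: the three policy-zone records quoted in the post.
SAMPLE_ZONE = """\
www.this-is-a-test.de CNAME www.google.de.
www.this-is-another-test.de A 1.2.3.4
www.this-doesnt-work.de CNAME www.this-is-another-test.de.
"""

# owner [IN] A|CNAME rdata  (assumption: one record per line, no $ORIGIN tricks)
RECORD = re.compile(r"^(\S+)\s+(?:IN\s+)?(A|CNAME)\s+(\S+)\s*$", re.IGNORECASE)


def flatten_rpz(zone_text):
    """Replace CNAMEs whose target is an A record in the same policy zone
    with copies of that A record; leave every other line unchanged."""
    addrs, cnames = {}, {}
    for line in zone_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue
        owner, rtype, rdata = m.group(1).lower(), m.group(2).upper(), m.group(3)
        if rtype == "A":
            addrs.setdefault(owner, []).append(rdata)
        else:
            # Targets are absolute (trailing dot); owners are relative.
            cnames[owner] = rdata.lower().rstrip(".")

    def resolve(name, seen=()):
        # Follow in-zone CNAME chains; stop on loops or out-of-zone targets.
        if name in addrs:
            return addrs[name]
        if name in cnames and name not in seen:
            return resolve(cnames[name], seen + (name,))
        return None

    out = []
    for line in zone_text.splitlines():
        m = RECORD.match(line)
        if m and m.group(2).upper() == "CNAME":
            ips = resolve(cnames[m.group(1).lower()])
            if ips:
                out.extend(f"{m.group(1)}\tA\t{ip}" for ip in ips)
                continue
        out.append(line)  # external CNAMEs, A records, comments, SOA/NS
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(flatten_rpz(SAMPLE_ZONE), end="")
```

CNAMEs that point outside the policy zone (www.google.de. in the sample) are kept as they are, since the post shows those resolving.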


