How to configure, dig command support +subnet

Darren Ankney darren.ankney at gmail.com
Tue Dec 13 11:32:46 UTC 2022


It seems like you might also need "match-destinations" to be defined, at least that is how I interpret this: https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-match-destinations


> On Dec 13, 2022, at 5:47 AM, 徐娅 <xuya2011 at gmail.com> wrote:
> 
> 25-Nov-2022 23:30:32.924 running on Linux x86_64 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020
> 25-Nov-2022 23:30:32.924 built with  '--prefix=/usr/local/bind-9.18.9' '--enable-largefile' '--enable-epoll' '--enable-full-report' '--disable-doh' '--enable-dnsrps-dl' '--enable-dnsrps'
> 25-Nov-2022 23:30:32.924 running as: named -c named.conf -fg
> 25-Nov-2022 23:30:32.924 compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-39)
> 25-Nov-2022 23:30:32.924 compiled with OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
> 25-Nov-2022 23:30:32.924 linked to OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
> 25-Nov-2022 23:30:32.924 compiled with zlib version: 1.2.7
> 25-Nov-2022 23:30:32.924 linked to zlib version: 1.2.7
> 25-Nov-2022 23:30:32.924 ----------------------------------------------------
> 25-Nov-2022 23:30:32.924 BIND 9 is maintained by Internet Systems Consortium,
> 25-Nov-2022 23:30:32.924 Inc. (ISC), a non-profit 501(c)(3) public-benefit
> 25-Nov-2022 23:30:32.924 corporation.  Support and training for BIND 9 are
> 25-Nov-2022 23:30:32.924 available at https://www.isc.org/support
> 
> 
> # cat named.conf
> ... ...
> ... ...
> options {
>     listen-on    port 353 { any; };
>     listen-on-v6 port 353 { any; };
>     directory       "/root/edns/named";
>     allow-query     {	any;    };
>     allow-recursion {	any;    };
> 
>     empty-zones-enable no;
> 
>     pid-file "/root/edns/named/run/named.pid";
> 
> };
> 
> view "aaa" {
>     match-clients {    10.105.0.0/16;   };
>     zone "abc.com" {
>         type master;
>         file "aaa/abc.com";
>     };
> };
> 
> view "bbb" {
>     match-clients { 10.106.0.0/26;   };
>     zone "abc.com" {
>         type master;
>         file "bbb/abc.com";
>     };
> };
> 
> view "idc-default" {
>     match-clients {  any;  };
>     zone "abc.com" {
>         type master;
>         file "any/abc.com";
>     };
> };
> 
> # cat named/aaa/abc.com
> ... ...
> www 600 IN TXT aaa
> 
> # cat named/bbb/abc.com
> www 600 IN TXT bbb
> 
> # cat named/ccc/abc.com
> www 600 IN TXT ccc
> 
> # dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2
> 
> ; <<>> DiG 9.18.9 <<>> @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7948
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: 075abe1b7a9c177a010000006380ded9dc3ca0fc1bae43d4 (good)
> ; CLIENT-SUBNET: 10.105.2.2/32/0
> ;; QUESTION SECTION:
> ;txt.abc.com.			IN	TXT
> 
> ;; ANSWER SECTION:
> txt.abc.com.		600	IN	TXT	"any"
> 
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#353(127.0.0.1) (UDP)
> ;; WHEN: Fri Nov 25 23:27:21 CST 2022
> ;; MSG SIZE  rcvd: 99
> 
> I expect +subnet=10.105.2.2, return aaa, but returned any
> 
> # dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2
> any
> I expect +subnet=10.106.3.3, return bbb, but returned any
> 
> # dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.106.3.3
> any
> 
> How do I change named.conf?
> 
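
Added example, not part of the original thread and not code from either poster or from ISC: a small encoder/decoder for the EDNS Client Subnet option (RFC 7871) that "dig +subnet" sends, plus a reader for the "CLIENT-SUBNET: address/source/scope" line dig prints. The function names are assumptions made for this example; a scope prefix length of 0 in a response, as in the output quoted above, means the server marked the answer as not specific to the supplied subnet.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)


def encode_ecs(subnet: str) -> bytes:
    """Build the EDNS option carried in the OPT record for +subnet=<subnet>."""
    net = ipaddress.ip_network(subnet, strict=False)
    family = 1 if net.version == 4 else 2
    source = net.prefixlen
    # Only the bytes covered by the source prefix go on the wire.
    addr = net.network_address.packed[: (source + 7) // 8]
    data = struct.pack("!HBB", family, source, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def decode_ecs(option: bytes) -> dict:
    """Decode one ECS option and reject malformed lengths."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    if family not in (1, 2):
        raise ValueError("unknown address family")
    size = 4 if family == 1 else 16
    raw = option[8:]
    if source > size * 8 or len(raw) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix")
    addr = ipaddress.ip_address(raw.ljust(size, b"\0"))
    return {"address": str(addr), "source": source, "scope": scope,
            "subnet_specific": scope > 0}


def parse_dig_line(line: str) -> dict:
    """Parse dig's '; CLIENT-SUBNET: address/source/scope' display form."""
    value = line.split("CLIENT-SUBNET:", 1)[1].strip()
    addr, source, scope = value.rsplit("/", 2)
    ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return {"address": addr, "source": int(source), "scope": int(scope),
            "subnet_specific": int(scope) > 0}


if __name__ == "__main__":
    wire = encode_ecs("10.105.2.2")  # same subnet as in the quoted dig command
    print(wire.hex(), decode_ecs(wire))
    print(parse_dig_line("; CLIENT-SUBNET: 10.105.2.2/32/0"))
```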
