Deprecation notice for BIND 9.18: Differentiated Services Code Point (DSCP) support

Robert M. Stockmann stock at stokkie.net
Thu Jan 5 14:21:32 UTC 2023


On Thu, 5 Jan 2023, Ondřej Surý wrote:

> Date: Thu, 5 Jan 2023 14:51:52 +0100
> From: "Ondřej Surý" <ondrej at isc.org>
> To: Robert M. Stockmann <stock at stokkie.net>
> Cc: BIND users <bind-users at lists.isc.org>
> Subject: Re: Deprecation notice for BIND 9.18: Differentiated Services
>     Code Point (DSCP) support
> 
> > On 5. 1. 2023, at 14:46, Robert M. Stockmann <stock at stokkie.net> wrote:
> > 
> > On Thu, 5 Jan 2023, Ondřej Surý wrote:
> > 
> > This is like Mercedes Benz announcing they will only sell
> > the Baby Benz model, which is a Volkswagen EV barebonez with
> > the VW logo replaced with a plastic Mercedes Benz star
> 
> I've asked for a strong use-case and all I've got was a snark.
> 
> Do you actually have a real-world use for DSCP or are you just in bad mood?
> 
From /usr/share/doc/bind-9.9.9P6/FAQ:

Q: How can I make a server a slave for both an internal and an external
   view at the same time? When I tried, both views on the slave were
   transferred from the same view on the master.

A: You will need to give the master and slave multiple IP addresses and
   use those to make sure you reach the correct view on the other machine.

   Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
       internal:
           match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
           notify-source 10.0.1.1;
           transfer-source 10.0.1.1;
           query-source address 10.0.1.1;
       external:
           match-clients { any; };
           recursion no;   // don't offer recursion to the world
           notify-source 10.0.1.2;
           transfer-source 10.0.1.2;
           query-source address 10.0.1.2;

   Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
       internal:
           match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
           notify-source 10.0.1.3;
           transfer-source 10.0.1.3;
           query-source address 10.0.1.3;
       external:
           match-clients { any; };
           recursion no;   // don't offer recursion to the world
           notify-source 10.0.1.4;
           transfer-source 10.0.1.4;
           query-source address 10.0.1.4;

   You put the external address on the alias so that all the other dns
   clients on these boxes see the internal view by default.

   -----//-----

Q: I want to forward all DNS queries from my caching nameserver to another
   server. But there are some domains which have to be served locally, via
   rbldnsd.

   How do I achieve this?

A: options {
           forward only;
           forwarders { <ip.of.primary.nameserver>; };
   };

   zone "sbl-xbl.spamhaus.org" {
           type forward; forward only;
           forwarders { <ip.of.rbldns.server> port 530; };
   };

   zone "list.dsbl.org" {
           type forward; forward only;
           forwarders { <ip.of.rbldns.server> port 530; };
   };

-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock at stokkie.net
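
How the master in the quoted FAQ entry picks a view for an incoming transfer, as an added example that is not part of the original message or of the BIND FAQ: a small Python model of first-match address-match-list evaluation. The function names and the reordered list are constructed for illustration; only IPv4 and only match-clients are modeled.

```python
import ipaddress

def parse_element(text):
    """Parse one address-match-list element: '!10.0.1.2', '10.0.1/24' or 'any'."""
    negated = text.startswith("!")
    body = text.lstrip("!").strip()
    if body == "any":
        return negated, ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = body.partition("/")
    # BIND accepts shortened IPv4 prefixes such as 10.0.1/24; pad to four octets.
    addr = ".".join(addr.split(".") + ["0"] * (4 - addr.count(".") - 1))
    return negated, ipaddress.ip_network(addr + "/" + (plen or "32"))

def acl_matches(acl, source):
    """The first matching element decides; a negated match rejects; no match rejects."""
    ip = ipaddress.ip_address(source)
    for element in acl.split(";"):
        if not element.strip():
            continue
        negated, net = parse_element(element.strip())
        if ip in net:
            return not negated
    return False

def select_view(views, source):
    """Views are tried in configuration order; the first one that accepts the client wins."""
    for name, acl in views:
        if acl_matches(acl, source):
            return name
    return None

# match-clients lists taken from the FAQ's master configuration
FAQ_VIEWS = [("internal", "!10.0.1.2; !10.0.1.4; 10.0.1/24;"),
             ("external", "any;")]
# Constructed variant: same elements, but the negations come after the prefix
REORDERED = [("internal", "10.0.1/24; !10.0.1.2; !10.0.1.4;"),
             ("external", "any;")]

if __name__ == "__main__":
    # 10.0.1.3 / 10.0.1.4 are the slave's transfer-source addresses from the FAQ;
    # the other two are constructed sample clients.
    for src in ("10.0.1.3", "10.0.1.4", "10.0.1.77", "192.0.2.10"):
        print(src, select_view(FAQ_VIEWS, src), select_view(REORDERED, src))
```

With the reordered list the slave's external alias 10.0.1.4 is accepted by the internal view, which is the symptom the FAQ question describes: both views transferred from the same view on the master.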


