Local resolution first and then public resolution for "google.com" domain

Roberto Carna
Dear, I have a BIND private DNS server which has two forwarders for
public resolution.

I need to create a private zone "google.com" with just one A record as follows:

www.google.com IN A 192.168.0.100

All the local clients will resolve www.google.com to a private address
from our company.

And for the other google.com records that this private BIND receives
and they are not defined in the local private zone, they have to be
forwarded to the public forwarders in order to be resolved as normal.

Is it possible to have this scenario ???

Thanks a lot!!!

Robert
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: Local resolution first and then public resolution for "google.com" domain

Matus UHLAR - fantomas
On 31.03.21 12:49, Roberto Carna wrote:

>Dear, I have a BIND private DNS server which has two forwarders for
>public resolution.
>
>I need to create a private zone "google.com" with just one A record as follows:
>
>www.google.com IN A 192.168.0.100
>
>All the local clients will resolve www.google.com to a private address
>from our company.
>
>And for the other google.com records that this private BIND receives
>and they are not defined in the local private zone, they have to be
>forwarded to the public forwarders in order to be resolved as normal.
>
>Is it possible to have this scenario ???

yes, simply define zone

zone "www.google.com" {
    type master;
    file "...";
};

note that for this kind of setup, using dnsmasq with two forwarders and www.google.com
overridden through /etc/hosts would be an easier solution.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

Re: Local resolution first and then public resolution for "google.com" domain

Tony Finch
Matus UHLAR - fantomas <[hidden email]> wrote:
>
> note that for this kind of setup, using dnsmasq with two forwarders and
> www.google.com overridden through /etc/hosts would be an easier solution.

Or a response policy zone, if you don't want to switch software

https://bind9.readthedocs.io/en/v9_16_13/reference.html#rpz

Tony.
--
f.anthony.n.finch  <[hidden email]>  https://dotat.at/
Forties, Cromarty, Forth: Northeast 5 to 7, backing north 3 to 5.
Slight or moderate. Rain at first. Good, occasionally poor at first.
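
The response policy zone approach suggested in this reply, as an added example that is not part of the original thread and not ISC's own configuration. The policy zone name rpz.internal.example, the file name and the allow-query/allow-transfer settings are assumptions; the address and the 8.8.8.8 forwarder come from the thread.

```conf
# ---- named.conf fragment (names below are illustrative assumptions) ----
options {
    recursion yes;
    forwarders { 8.8.8.8; };           # forwarder mentioned in the thread
    # Consult the policy zone before a recursive answer is returned.
    response-policy { zone "rpz.internal.example"; };
};

zone "rpz.internal.example" {          # hypothetical policy zone name
    type master;
    file "db.rpz.internal.example";    # hypothetical file name
    allow-query { localhost; };        # policy data is not meant for clients
    allow-transfer { none; };
};

; ---- db.rpz.internal.example (zone file) ----
$TTL 300
@   IN SOA localhost. hostmaster.localhost. (
            2021033101 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            300 )      ; negative-caching TTL
@   IN NS  localhost.

; QNAME trigger: the owner name is relative to the policy zone, so it has
; no trailing dot. The A record is "local data" that replaces the answer.
www.google.com      IN A 192.168.0.100

; Names with no rule (foo.google.com, mail.google.com, ...) match nothing
; here and are resolved through the forwarders as usual.
```

With a local-data rule, queries for record types not listed (AAAA, for example) get NODATA for www.google.com, and names below it such as x.www.google.com are left alone unless a `*.www.google.com` rule is added.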



Re: Local resolution first and then public resolution for "google.com" domain

Roberto Carna
Dear Matus, maybe I have not understood very well...

I can set up a master zone as you said:

zone "www.google.com" {
    type master;
    file "...";
};

But what are the needed clauses from Bind's named.conf.options file in
order to tell "if foo.google.com is not present in the google.com
private zone, you have to forward the query to another server (public
forwarder) in order to be publicly resolved" ???

Thanks a lot again.




Re: Local resolution first and then public resolution for "google.com" domain

Matus UHLAR - fantomas
On 31.03.21 13:07, Roberto Carna wrote:

>Dear Matus, maybe I have not understood very well...
>
>I can set up a master zone as you said:
>
>zone "www.google.com" {
>type master;
>file "...";
>};
>
>But what are the needed clauses from Bind's named.conf.options file in
>order to tell "if foo.google.com is not present in the google.com
>private zone, you have to forward the query to another server (public
>forwarder) in order to be publicly resolved" ???

that above will cover www.google.com and *.www.google.com


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler

Re: Local resolution first and then public resolution for "google.com" domain

Roberto Carna
But if I want to resolve:

foo.google.com

that doesn't exist in my google.com private zone, I don't obtain any result.

I need to tell my private BIND to forward to 8.8.8.8 all the received
*.google.com queries, except www.google.com that is the one locally
resolved.

Thanks again !!!


Re: Local resolution first and then public resolution for "google.com" domain

Matus UHLAR - fantomas
On 31.03.21 13:57, Roberto Carna wrote:
>But if I want to resolve:
>
>foo.google.com
>
>that doesn't exist in my google.com private zone, I don't obtain any result.

do NOT define private zone "google.com".
configure private zone "www.google.com" that will NOT contain anything other
than www.google.com and below it.

Or, better, install dnsmasq and redefine "www.google.com" via /etc/hosts.

>I need to tell my private BIND to forward to 8.8.8.8 all the received
>*.google.com queries, except www.google.com that is the one locally
>resolved.

there's no point in forwarding from BIND to public nameservers.


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.
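
The narrow-zone setup described in this reply, as an added example that is not part of the original thread. The file name db.www.google.com, the SOA/NS names under internal.example and the TTL values are assumptions; the zone name, the address and the 8.8.8.8 forwarder come from the thread.

```conf
# ---- named.conf fragment ----
options {
    recursion yes;
    forwarders { 8.8.8.8; };      # as in the thread; plain recursion works too
};

# Not what is wanted here: a "google.com" zone makes this server
# authoritative for every name under google.com, so foo.google.com is
# answered NXDOMAIN locally and never reaches the forwarders.
# zone "google.com" { type master; file "db.google.com"; };

# Authoritative only for www.google.com and names below it. Every other
# google.com name falls outside this zone and is resolved normally.
zone "www.google.com" {
    type master;
    file "db.www.google.com";     # hypothetical file name
};

; ---- db.www.google.com (zone file) ----
$TTL 300
@   IN SOA ns.internal.example. hostmaster.internal.example. (
            2021033101 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            300 )      ; negative-caching TTL
@   IN NS  ns.internal.example.   ; placeholder name for the internal server

; The zone origin is www.google.com itself, so the record goes at the
; apex ("@"), not under a "www" label.
@   IN A   192.168.0.100
```

Because the server is authoritative for the whole www.google.com subtree, an AAAA query for www.google.com returns NODATA and x.www.google.com returns NXDOMAIN unless records are added for them.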