On 27/10/2018 at 14:13, Matus UHLAR - fantomas wrote:
> On 27.10.18 13:53, Frédéric Lochon wrote:
>> This is what I wanted to do. But allow-query and allow-recursion are
>> not allowed inside a zone of type forward.
>
> aha. I haven't looked at possibility of allow-recursion for "type
> forward" zone. allow-query still seems to be supported, even if it
> wouldn't forward...

allow-query is not allowed, at least on my BIND:

Oct 27 14:18:49 named[4703]: /etc/bind/named.conf:186: option 'allow-query' is not allowed in 'forward' zone '.......'

allow-recursion can only exist in "options" section, but that's probably
not a problem. I guess I can allow-recursion for everybody as long as
there is an adequate allow-query option (but I still need to check this).

>> At the beginning I wanted to detect some specific DNS queries on my
>> BIND.
>> Those queries are dummy (answers too...). It's used by some IoT
>> devices to send "heartbeats" by using open access points with captive
>> portal (usually, DNS queries are sent even if you don't authenticate).
>
> IoT devices in your network should have recursion allowed.

On my network it's OK.
But it's not OK outside. And this is what I'm trying to do: I want to
use open access point I found in the neighborhood because my devices
will travel all over my city.

>> So my first idea was to use BIND logging capabilities, but that's not
>> applicable because BIND only logs everything or nothing.
>> So, I decided to write my own DNS server which would detect those
>> queries, and because I have only 1 IPv4, I would let BIND forward the
>> queries to my custom server (running on the same IP but another port).
>> Thus, slaving is not possible, as queries would be seen only by BIND.
>
> because of caching by BIND, the other server would only see some of those
> queries too.

Only few queries per day will be sent, so I can adjust the TTL accordingly.

--
Frédéric Lochon