Re: Bind9 "split zones"

2024-03-04 Thread Taavi Ansper via bind-users

Hi

Thanks for the quick response!

Answering the last question. There are two different systems that DNS names are generated from. One is actually phpipam, which we generate entries from,
and the second one is a virtualization platform, where we also dig in the DB to generate entries for VMs.


As I don't think we have had issues with PTR records, not having a "fix" is
not an issue.

In the end the solution is not to use one IP range for both use cases.

Taavi Ansper
taavi.ans...@cyber.ee

On 04.03.24 19:06, Greg Choules wrote:

Hi.
If I understand you correctly, you are trying to get your resolver to go to two different places (main_hidden_dns_server and other_dns_server) for
answers to the same question, and then want it to combine those answers into a single response to the client, which contains PTR records for both names?


If I got that correct, then it won't. If you want multiple PTR records to be associated with different names then they have to be in the same zone/zone 
file.


A few comments:
- The statement "forward first" means: try forwarding first and only if that
fails, then try recursion.
- Adding forwarders to a secondary zone tells the server what to do for names delegated from that zone. E.g. if the zone is "example.com"
and it contains "sub NS another.server.somewhere.else." then a query to it for "name.sub.example.com"
will follow the "forwarders" statement because "sub.example.com" has been delegated away.

- Do you really want to be forwarding to your hidden primary anyway?
- Why are two different servers both authoritative for 
"100.168.192.in-addr.arpa"? That's asking for trouble.

Hope that helps.
Greg

On Mon, 4 Mar 2024 at 15:35, Taavi Ansper via bind-users <bind-users@lists.isc.org> wrote:

Hi

I am trying to understand bind9 more thoroughly.

Backstory: We have been using bind9 for a long time and overhauling it
for more "usage".

We have been using a "hidden master dns" logic with views for different
usages.

E.g. Client -> Slave DNS Server <- (Transfer zones from hidden master)->
Hidden Master.

We had two views "external" and "internal" and now we added a new view
"dmz" as well.

In one of those zones we had an interesting DNS "thingy" where for
example a CIDR 192.168.100.0/24 was generating
entries to the main
"hidden dns" server via includes. It uses a domain called example.com.
Now another DNS server created DNS entries for the same CIDR
192.168.100.0/24 but it had a different domain
"subdomain.example.com".
Including that info was easy.

In the Slave DNS

zone "example.com" {
  file "blaah";
  type slave;
  // placeholder; named.conf expects IP addresses or a defined masters list here
  masters { main_hidden_dns_server; };
};

zone "subdomain.example.com" {
  file "blaah";
  type slave;
  masters { other_dns_server; };
};

But now comes the problem. When generating a PTR record
100.168.192.in-addr.arpa, I wish to combine both of these "results" into
one lookup. How can I do that? I tried to add:

zone "100.168.192.in-addr.arpa" {
  file "blaah";
  type slave;
  masters { other_dns_server; };
  forward first;
  forwarders { main_hidden_dns_server; };
};

But this forwarding logic doesn't work. I have a feeling the forwarding
only works for specific zones, and you can't combine two of the same
"names" into one. Am I correct, and in order for PTR records to work do I
need to get them into a single file?

--

Taavi Ansper
taavi.ans...@cyber.ee

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list

ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
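The reply above makes the point that PTR records for both names have to live in one reverse zone, and asks why two servers are authoritative for 100.168.192.in-addr.arpa. As an added example (not code from the thread or from the BIND project), the script below merges the PTR records two generators emit for that /24 into a single zone body and flags any address both sources claim; the record sets, host names and function names are constructed for illustration.

```python
"""Added example (not from the thread): merge the PTR records that two
independent generators (an IPAM such as phpipam and a virtualization
platform) emit for the same /24 into ONE reverse zone body, flagging
addresses both sources claim. All sample data below is constructed."""
import ipaddress

# Constructed sample fragments, one per generator: {address: PTR target}.
IPAM_RECORDS = {
    "192.168.100.10": "web1.example.com.",
    "192.168.100.11": "db1.example.com.",
    "192.168.100.20": "shared.example.com.",
}
VIRT_RECORDS = {
    "192.168.100.30": "vm-a.subdomain.example.com.",
    "192.168.100.31": "vm-b.subdomain.example.com.",
    "192.168.100.20": "vm-c.subdomain.example.com.",  # same IP as in IPAM
}

def ptr_owner(address: str) -> str:
    """in-addr.arpa owner name (with trailing dot) for an IPv4 address."""
    return ipaddress.ip_address(address).reverse_pointer + "."

def merge_ptr_sources(*sources: dict) -> tuple:
    """Union {address: name} maps into one zone's worth of PTRs.

    Returns (merged, conflicts): merged maps each address to its sorted
    names; conflicts keeps only addresses claimed by more than one source.
    """
    merged = {}
    for src in sources:
        for addr, name in src.items():
            merged.setdefault(addr, set()).add(name)
    merged = {a: sorted(n) for a, n in merged.items()}
    conflicts = {a: n for a, n in merged.items() if len(n) > 1}
    return merged, conflicts

def render_zone_body(merged: dict) -> str:
    """PTR RRs for a single reverse zone file, one RR per (address, name)."""
    lines = [f"{ptr_owner(a)} IN PTR {n}"
             for a in sorted(merged, key=ipaddress.ip_address)
             for n in merged[a]]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    merged, conflicts = merge_ptr_sources(IPAM_RECORDS, VIRT_RECORDS)
    print(render_zone_body(merged))
    for addr, names in conflicts.items():
        print(f"; WARNING {addr} claimed by both sources: {', '.join(names)}")
```

Feed the rendered body into the single reverse zone on the hidden primary (for instance via $INCLUDE) instead of letting each generator publish its own copy of the zone.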
