Aw: Re: CNAME with RPZ pointing to RPZ A record ?

2017-05-09 Thread devzero
that would subvert the idea of rpz overriding, as I would need to create zone 
files for zones I want to manage in rpz zone.

I'm curious why it doesn't work with rpz zone like normal zones.

is that considered to be a bug, a missing feature or possibly intentional ?

roland

> Sent: Tuesday, 09 May 2017 at 12:39
> From: "Tony Finch" 
> To: devz...@web.de
> Cc: bind-users@lists.isc.org
> Subject: Re: CNAME with RPZ pointing to RPZ A record ?
>
> devz...@web.de wrote:
> >
> > We use lots of CNAME aliases for server virtual host name aliases, i.e.
> >
> > myserver IN A 1.2.3.4
> > myserver-vhost1 IN CNAME myserver.
> > myserver-vhost2 IN CNAME myserver.
> > myserver-vhost3 IN CNAME myserver.
> >
> > How can we do that with RPZ ?
>
> You could set up canonical names for your dev servers outside the
> namespace that needs to be overridden, so that you can point the RPZ
> CNAMEs outside the RPZ domain. Or you could replace the RPZ CNAME
> records with address records.
>
> Tony.
> -- 
> f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
> Biscay: Easterly or northeasterly 5 or 6, occasionally 7 at first,
> becoming variable 4 later in south. Moderate or rough, becoming slight
> or moderate later. Thundery showers later. Good, occasionally poor later.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
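
Added example (not part of the thread and not BIND code): one way to apply the second suggestion in the reply above, replacing RPZ CNAME records with address records, by flattening every CNAME that ends at an A record in the same policy zone. The function names and the simplified record format (owner names relative to the RPZ origin, absolute CNAME targets) are assumptions for illustration.

```python
# Added example, not code from the thread. Assumes one record per line in the
# form "owner [IN] TYPE rdata" (no TTLs, no $ directives), as in the post.
SAMPLE_RPZ = """\
www.this-is-a-test.de        CNAME  www.google.de.
www.this-is-another-test.de  A      1.2.3.4
www.this-doesnt-work.de      CNAME  www.this-is-another-test.de.
"""  # constructed from the records quoted in the thread


def parse(text):
    """Return a list of (owner, rtype, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip comments
        if not fields:
            continue
        if len(fields) == 4 and fields[1].upper() == "IN":
            del fields[1]  # optional class
        if len(fields) != 3:
            raise ValueError(f"unsupported record: {line!r}")
        records.append((fields[0], fields[1].upper(), fields[2]))
    return records


def key(name):
    """Compare names case-insensitively, ignoring the trailing dot."""
    return name.rstrip(".").lower()


def flatten(records):
    """Rewrite CNAMEs that end at an in-zone A record into A records."""
    addrs, cnames = {}, {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            addrs.setdefault(key(owner), []).append(rdata)
        elif rtype == "CNAME":
            cnames[key(owner)] = rdata
    out = []
    for owner, rtype, rdata in records:
        final, seen = rdata, {key(owner)}
        while rtype == "CNAME" and key(final) in cnames:  # follow in-zone chain
            if key(final) in seen:
                raise ValueError(f"CNAME loop at {owner}")
            seen.add(key(final))
            final = cnames[key(final)]
        if rtype == "CNAME" and key(final) in addrs:
            out.extend((owner, "A", ip) for ip in addrs[key(final)])
        else:
            out.append((owner, rtype, final))
    return out
```

CNAMEs whose chain ends outside the policy zone (such as the www.google.de. record) are kept as CNAMEs pointing at the final external target.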

CNAME with RPZ pointing to RPZ A record ?

2017-05-09 Thread devzero
Hello, 

we have lots of internal extra zones on our dns for development overrides.

I came across RPZ in bind, which looks interesting to us because we could drop 
tons of extra zones and put everything in a rpz-development-override zone file.

I tried RPZ and I can successfully put in an A record or CNAME pointing to 
"any" IP or FQHN.

We use lots of CNAME aliases for server virtual host name aliases, i.e.

myserver IN A   1.2.3.4
myserver-vhost1  IN CNAME   myserver.
myserver-vhost2  IN CNAME   myserver.
myserver-vhost3  IN CNAME   myserver.

How can we do that with RPZ ?

Apparently I can use A records and CNAME in RPZ zone file, but as soon as I 
create a CNAME which points to an A-record within the RPZ Zone file, it doesn't 
resolve:

rpz-zonefile:

www.this-is-a-test.de   CNAME   www.google.de.
www.this-is-another-test.de   A 1.2.3.4
www.this-doesnt-work.de CNAME www.this-is-another-test.de.


# nslookup www.this-is-a-test.de
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
www.this-is-a-test.de   canonical name = www.google.de.
Name:   www.google.de
Address: 172.217.18.3

# nslookup www.this-is-another-test.de
Server: 127.0.0.1
Address:127.0.0.1#53

Non-authoritative answer:
Name:   www.this-is-another-test.de
Address: 1.2.3.4

# nslookup www.this-doesnt-work.de
Server: 127.0.0.1
Address:127.0.0.1#53

** server can't find www.this-doesnt-work.de: NXDOMAIN


May  9 12:16:44 nameserverhost named[2902]: client 127.0.0.1#51602 
(www.dies-ist-ein-test.de): rpz QNAME Local-Data rewrite www.this-is-a-test.de 
via www.this-is-a-test.de.rpz-development-overrides
May  9 12:16:52 nameserverhost named[2902]: client 127.0.0.1#53888 
(www.dies-ist-noch-ein-test.de): rpz QNAME Local-Data rewrite 
www.this-is-another-test.de via 
www.this-is-another-test.de.rpz-development-overrides
May  9 12:16:59 nameserverhost named[2902]: client 127.0.0.1#37241 
(www.wieso-funktioniert-das-nicht.de): rpz QNAME Local-Data rewrite 
www.this-doesnt-work.de via www.this-doesnt-work.de.rpz-development-overrides


regards
roland 
