22.11.2022 16:53, Renaud Allard via Unbound-users wrote:
On 22. 11. 22 13:27, Michael Tokarev via Unbound-users wrote:
For example, we've a domain and a few geographically-spread
offices, each office is supposed to have its own proxy, email
server, file server and stuff like that.  This is also an
AD DC domain.  I thought about a single domain zone and local
overrides for certain commonly used names. But once again I
faced this issue with unbound, which is unable to resolve
(expand) CNAMEs in local-data or some such.

Did you try with RPZ instead of using local-data inside the config file? The two
methods don't give exactly the same results with CNAMEs.
Also, don't forget that you cannot put a CNAME on top of a zone.

I've never come across RPZ before, haven't heard of it.

But I'm not sure what you mean here.  How is it possible
to use RPZ for this task, to override a name with an (expanded)
CNAME?

For example, in example.com domain I want to add an "fs" CNAME
record pointing to foo.example.com.  How would I do that with
RPZ?

That should be a qname trigger, but I'm lost for now about the action.

rpz:
 name: "example.com" # arbitrary?
 zonefile: "example.com.rpz"
 rpz-action-override: cname
 rpz-cname-override: "foo.example.com."

with example.com.rpz containing:

 fs.example.com. CNAME rpz-drop.

?

And if I want to configure another such name, I'll have to
create another rpz zonefile and another rpz section?

Lemme try...  hmm, immediately this file (rpz) has been overwritten
with the contents of the example.com zone.  It looks like I don't see how
this works, and why it removed the data I've put there.

Or does this need another indirection, to configure this "rpz zone"
on some other primary? And to serve different contents to different
sites, I'll have to configure SEVERAL primaries?

Or am I off track completely?

I'll try to configure this one test zone in nsd.  But this whole
thing quickly becomes unmanageable...


Thanks,

/mjt
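As an added example (not code from this thread or from unbound itself), the following Python models how RPZ QNAME triggers are encoded under the policy zone apex and how the CNAME-encoded actions, together with unbound's rpz-action-override, decide the outcome for a query name. The zone contents and the apex rpz.example. are constructed, and the evaluator is an assumption-level model of the behaviour described in the RPZ draft and the unbound.conf manual, not a copy of unbound's matching code; it also shows that a rewrite to foo.example.com can be carried in the trigger record itself, so rpz-action-override is only needed to force one action for every trigger in the zone.

```python
# Model of RPZ QNAME-trigger evaluation (added example; assumes the RPZ draft's
# CNAME-encoded actions and unbound's rpz-action-override as documented).

# Constructed policy zone. Apex is the zone name; a QNAME trigger is encoded as
# "<qname>.<apex>", so the trigger for fs.example.com lives at
# fs.example.com.rpz.example. and NOT at fs.example.com.
APEX = "rpz.example."
RPZ_ZONE = {
    "fs.example.com.rpz.example.": "foo.example.com.",   # local data: CNAME to foo
    "ads.example.rpz.example.": ".",                     # CNAME .   -> NXDOMAIN
    "*.tracker.example.rpz.example.": "*.",              # CNAME *.  -> NODATA
    "internal.example.rpz.example.": "rpz-passthru.",    # no rewrite
    "malware.example.rpz.example.": "rpz-drop.",         # drop the query
}

# Special CNAME targets defined by RPZ; any other target is "local data".
SPECIAL = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU",
           "rpz-drop.": "DROP", "rpz-tcp-only.": "TCP-ONLY"}

def find_trigger(qname, zone=RPZ_ZONE, apex=APEX):
    """Return (owner, rdata) of the QNAME trigger matching qname, or None.
    Exact owner wins; a wildcard trigger matches only proper subdomains."""
    qname = qname.lower().rstrip(".") + "."
    owner = qname + apex
    if owner in zone:
        return owner, zone[owner]
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:]) + "." + apex
        if wild in zone:
            return wild, zone[wild]
    return None

def evaluate(qname, zone=RPZ_ZONE, action_override="none", cname_override=None):
    """Return (action, cname_target) for qname under the given policy zone."""
    hit = find_trigger(qname, zone)
    if hit is None:
        return ("NO-POLICY", None)
    _, rdata = hit
    # rpz-action-override replaces whatever action the zone record encodes.
    if action_override == "cname":
        return ("CNAME", cname_override)          # rpz-cname-override target
    if action_override in ("nxdomain", "nodata", "passthru", "drop"):
        return (action_override.upper(), None)
    if action_override == "disabled":
        return ("NO-POLICY", None)                # hit is only logged, never applied
    if rdata in SPECIAL:
        return (SPECIAL[rdata], None)
    return ("CNAME", rdata)                       # local data: answer CNAME rdata
```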
