Message-ID: <51EE3E0F.1080302@gmail.com>
Date: Tue, 23 Jul 2013 10:25:51 +0200
From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Make BIND inject queries

On 23/07/2013 09:40, Pavel Volkov wrote:
> I have recently installed BIND as a recursive resolver for local network.
>
> I'll explain my configuration. There's a network with hosts bound to
> example.org domain, like host1.example.org, host2.example.org etc.
> They make DNS queries through recursive server A.
> Authoritative server for example.org domain is server B and it's
> totally unrelated.
>
> Below is an example of what I'd like to accomplish.
> 1. When the outside makes a DNS query for host1.example.org, it should
> only receive its AAAA record 2001:db8:a::1.
> 2. When host2 queries server A for host1.example.com, server A should
> return the same 2001:db8:a::1 AAAA record (resolved through
> authoritative server) and also inject 192.168.1.100 A record into the
> reply.
>
> How can I set up BIND on server A to make it happen?

What you want to accomplish is cache-poisoning.

There's a few ways to do it, but it's not easy. You can load the
customized copy of the zone onto the cache that your internal hosts use,
or set up an authoritative internal-only server.

This stuff gets tricky, every time I have to investigate our setup that
does something similar, I need to work it out in my head all over again.

The best advice I can give is DO NOT TRY AND ACCOMPLISH THIS WITH ONE
DNS AUTH SERVER THAT SERVES INTERNAL AND EXTERNAL CLIENTS. That way lies
a whole lotta pain.

-- 
Alan McKinnon
alan.mckinnon@gmail.com
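
The first option in the reply above (a customized copy of the zone loaded on the resolver that the internal hosts use), as an added example that is not part of the original message. The file paths, the ACL name, the network ranges and the `servera` host are assumptions made for illustration.

```conf
// /etc/bind/named.conf on server A (recursive resolver, internal use only).
// Path, ACL name and address ranges are assumptions for this example.
acl internal {
    127.0.0.1;
    ::1;
    192.168.1.0/24;     // assumed from the 192.168.1.100 address in the question
    2001:db8:a::/64;    // assumed from the 2001:db8:a::1 address in the question
};

options {
    directory "/var/bind";
    recursion yes;
    allow-query     { internal; };   // outside clients never reach this copy
    allow-recursion { internal; };
};

// Local copy of the zone. While it is loaded, server A answers every
// example.org name from this file and no longer asks server B, so each
// public record the internal hosts need has to be mirrored here by hand.
zone "example.org" {
    type master;
    file "pri/example.org.internal.zone";
    allow-transfer { none; };        // keep the internal A records from leaking
    notify no;
};

/* Contents of /var/bind/pri/example.org.internal.zone (zone-file syntax):

$TTL 300
@       IN SOA  servera.example.org. hostmaster.example.org. (
                2013072301 ; serial (constructed)
                3600       ; refresh
                900        ; retry
                604800     ; expire
                300 )      ; negative-cache TTL
        IN NS   servera.example.org.
servera IN A    192.168.1.1      ; hypothetical address of server A
host1   IN AAAA 2001:db8:a::1    ; same record server B publishes
host1   IN A    192.168.1.100    ; internal-only addition
*/
```

`named-checkconf` and `named-checkzone example.org <zone file>` validate both files before the resolver is reloaded. Server B stays untouched, so outside clients still see only the AAAA record.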