Using views to make a domain resolve to a different value based on which IP is asking


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » DNS

Using views to make a domain resolve to a different value based on which IP is askingLast Modified: Aug 23, 2014, 4:33 pm
In this example, we'll outline how to make the dns system (bind/named) resolve a domain to a specific IP, based on which IP is doing the query.  For this, we'll use bind's "view" feature.

Assumptions
- We're on a LAN and we want the LAN computers to resolve the domain to .234
- All external IPs should resolve the domain to
- the domain already has a 1.2.3.4 zone at /var/named/.db
- the server's IP is 192.168.1.234 (where LAN computers should be sent to)

1) Create a LAN copy of the zone.

cd /var/named
cp -p domain.com.db domain.com.lan.db


2) Edit the domain.com.lan.db file, and change all 1.2.3.4 entries to 192.168.1.234
3) Edit your /etc/named/named.conf, things will need to be moved around.
If after the "options" and "controls" section, move the line immediately after them:

include "/etc/rndc.key";


4) Immediately after the rndc.key include line, add these lines:

acl internal {
       192.168.1.0/24;
};

view "internal-view" {
       match-clients { internal; };
       zone "domain.com" { type master; file "domain.com.lan.db"; };
};

view "external-view" {
       match-clients { any; };

where the point of this is to surround all other "zone" lines in the external-view. When using views, all zones must be within a view.
5) At the very bottom of the named.conf, add this line:

}; //end external view

to close the external view after all external zones are added.

6) If you have more than 1 domain you want to make work internally in this manner, repeat steps 1, 2, 4, where you'd just be adding 1 line to the internal-view in step 4 for the extra domains.

7) Also, you might need to ensure that the 192.168.1.0/24 range does *not* include your incoming router IP... depending on which IP is incoming from the router.. the external IP or the LAN IP (not 100% sure).  So the above range may not be correct.   Be sure to test your lookups both external an internall to confirm the views are working correctly.

If you're not sure how ranges work, you can alternatively just add a list of IPs instead of the range. Don't forget the colon after each IP/line.

2003 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST