Is it possible to set up a GlobalNames zone using Bind DNS?

I'd like to be able to create an internal zone that responds to single-label names, i.e. http://intranet or http://nas, rather than using a local zone or FQDN, e.g. http://intranet.local or http://nas.domain.com.

I've looked around and cannot find any information regarding GlobalNames use for BIND DNS. However, I have found references for Windows Server (which is not an option for my purposes).

If anyone can link me to some material that I seem to be unable to find, or provide a solution, that would be great.

Cheers.

Aidan

1 Answer

GlobalNames Zone (GNZ) is a Microsoft technology that bypasses the normal hierarchical DNS. Such a zone is not defined in DNS standards. Therefore, it's only natural that you can't find any information on how to set up GNZ with BIND.

Microsoft has also introduced a new type of Zone called GlobalNames or GNZ which is checked by DNS for any query before the normal DNS Zones like _msdcs.ForestName and DomainName.


METHOD 1: You can make single-label addresses on a recursive BIND server by adding a new authoritative zone for each.

By making a something. zone, you state that this server is authoritative for *.something, disabling recursion for all subdomains: make sure your arrangement doesn't replace any actual entire TLD! For the same reason, trying to make a combined "GNZ" would replace the entire root (.), totally incapacitating the recursive functionality.


METHOD 2: You could use a feature called Response Policy Zone (RPZ) to override single hostnames in one zone:

Starting with BIND 9.8.1, it’s possible to maintain such overrides in one single zone, removing the hassle of establishing BIND config for every domain or hostname you need to block or redirect.

You just have to tell BIND that this new zone rpz you made is special:

```
zone "rpz" {
  type master;
  file "db.rpz";
  [ other options ]
}

options {
  [ other options ]
  response-policy { zone "rpz"; };
}
```

Esa Jokinen
    Even more than "make sure your arrangement doesn't replace any actual entire TLD!", make sure not to replace any future TLD (because at that time it will be probably too difficult to just rename everything on your end), and since you can obviously not invent the future, whatever string you may decide to use could clash in the future, so this is really not the most reliable path. Otherwise see RFC2606 for a list of reserved names where it is guaranteed no future clash will happen, but the choices will probably not appeal to you. – Patrick Mevzek Apr 09 '18 at 00:54
  • What would we put in db.rpz? – Professor of programming Dec 10 '18 at 10:20
  • The records with host names without the trailing dots, e.g. `example.com A 127.0.0.1`. A detailed answer to your question is in the [tutorial](https://www.redpill-linpro.com/sysadvent/2015/12/08/dns-rpz.html) linked. – Esa Jokinen Dec 10 '18 at 14:08
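As an added example, not taken from the answer above or from the linked tutorial: a minimal `db.rpz` that answers the single-label names from the question through the `response-policy` configuration shown in METHOD 2. The host names, the 10.0.0.x / fd00:: addresses and the `localhost.` SOA/NS placeholders are constructed; it also assumes clients actually send the bare label to BIND, since most stub resolvers first try search-suffixed forms (e.g. intranet.example.com), which this zone does not cover.

```zone
; db.rpz - Response Policy Zone rewriting single-label names (constructed example)
; Owner names are relative to the policy zone "rpz", so the owner "intranet"
; below is the trigger for a query whose QNAME is exactly "intranet.".
; Ordinary A/AAAA data on a trigger is the RPZ "Local Data" action: BIND
; answers with these records instead of the recursive result (NXDOMAIN from
; the root for a bare label).
$TTL 1H
@           IN  SOA   localhost. hostmaster.localhost. (
                      2024010101  ; serial, increment on every change (placeholder)
                      1H          ; refresh
                      15M         ; retry
                      30D         ; expire
                      2H )        ; negative-answer TTL
            IN  NS    localhost.

; single-label names from the question -> internal addresses (constructed)
intranet    IN  A     10.0.0.5
nas         IN  A     10.0.0.6
nas         IN  AAAA  fd00::6
```

Validate with `named-checkzone rpz db.rpz` and `named-checkconf` before `rndc reload`, and confirm the rewrite with `dig @127.0.0.1 intranet. A`. With the default `qname-wait-recurse yes`, BIND first recurses for the bare label and only then applies the policy; on BIND 9.10 and later, `response-policy { zone "rpz"; } qname-wait-recurse no;` answers from the policy zone without that round trip.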