
So, I have a DNS server with settings for many internal zones of my domain yyy.com. And I need to add a record for a provider server (a host with configuration files to download; this is not some DNS like Google DNS 8.8.8.8), because its devices request their configuration using the domain names xxx.5060.com or xxy.5060.com. I thought this would be easy (in BIND8 it was).

So I added this config to the main zone file:

xxx.5060.com. IN A a.b.c.d
xxy.5060.com. IN A a.b.c.d

But named-checkzone returns the warning: ignoring out-of-zone data. And of course the DNS doesn't return an IP when asked for the domain. So I started googling and trying new configurations, for example:

xxx.5060.com. IN CNAME helper
xxy.5060.com. IN CNAME helper
helper        IN A     a.b.c.d

The warning was the same, so another solution found on Google was to edit named.conf.local and add a "zone":

// forward zone for the first phone-config host
zone "xxx.5060.com" {
    type forward;
    forwarders {
        a.b.c.d;
    };
};
// forward zone for the second phone-config host
// (the original post repeated "xxx.5060.com" here, which BIND rejects as a duplicate zone)
zone "xxy.5060.com" {
    type forward;
    forwarders {
        a.b.c.d;
    };
};
zone "yyy.com" {
    type master;
    file "/etc/bind/zones/db.yyy.com";
    allow-transfer { 10.e.e.e;
                     10.e.e.f; };
...

But the DNS doesn't react.

Oh... I tried adding forward only; to the above config. Same reaction.

Does anyone have a suggestion what I'm doing wrong or how to set it up?

DevAxeQuestion
  • Is `a.b.c.d` in your example the address of the host you try to resolve (e.g. xxx.5060.com), or a nameserver capable of resolving the host name for you? – Lacek Mar 05 '19 at 13:26
  • This is some host on the internet (no global DNS has this record). BTW, to resolve names not in my list I use Google DNS (it was set in named.conf). – DevAxeQuestion Mar 05 '19 at 13:30

1 Answer

A forward only zone should point to nameserver addresses capable of answering requests regarding the given zone.

So, if you want your nameserver to resolve xxx.5060.com, you need to specify a forward zone pointing to the nameservers of 5060.com, like this:

zone 5060.com {
    type forward;
    forward only;
    forwarders {
        172.247.252.11;
        115.29.220.216;
    };
};

A small side note here: I don't know if the zone 5060.com is supposed to be only an example, or an actual domain you try to resolve. If it is an example only, then you got unlucky, since 5060.com does exist, and has the IP addresses in the example above registered as nameservers.

The example above should work if the host you try to resolve actually exists. If it doesn't, then there is no "nice" way of achieving what you want. You can't "inject" host names into a domain you don't own. Your options here are the following:

You can set your nameserver to be a master server of 5060.com.

This way, you can define whatever host you want in that zone. This has several drawbacks:

  1. The hosts you define will be visible only for computers using your server (and only that) as a DNS server. Your changes (naturally) will not be propagated to other DNS servers.
  2. Any host definitions not present in your zone file will be gone: you can't "add" host names and make your DNS server ask the "real" servers for the remainder.
  3. If your server is accessible from the internet, you must take care not to propagate the fake config to unsuspecting clients.

Define a dummy domain

The other thing you can do is to define a dummy domain which begins with 5060.com, but is actually your internal domain, for example 5060.com.ismine. Define the hosts you want in this domain, and set the DNS search suffix on your client computers to ismine. This way, if a host is not found through the "official" DNS servers, the clients will try to resolve the host name with the .ismine suffix, and your DNS server can provide them with the host name you like. This method, too, has some drawbacks:

  1. As with the previous method, the host names will be accessible only to clients using your DNS server. If they have a backup DNS, it won't work (at least not when they ask the other DNS server).
  2. You can't redefine host names, as the clients will try the registered name servers first, and will try to apply the suffix only if the host name was not found.
  3. You must be able to change the DNS resolution config of your clients.
  4. If your server is a DNS server accessible from the internet, you may not want to propagate your internal zone to outside clients.

If I understand your post correctly, you can't modify the local hosts files on the devices, so if the above methods don't work for you, then you are more or less out of luck.

Lacek
  • Hi, thanks for your help and explanation. The domain exists; this is a provider server with the configuration of the phones. I change the record names/IP only. The phone starts booting, asks for the DNS name and I must return the IP. Until now my core Cisco router was doing this job: `ip host xxx.5060.com a.b.c.d` and `ip host xxy.5060.com a.b.c.d`. But I need a DNS server, so I'm trying to sort everything out. This is my local DNS, without giving names to the "world". – DevAxeQuestion Mar 06 '19 at 07:07
  • I have one more question: is there any chance to put in specific records such as `xxx.5060.com` and `xxy.5050.com`? I don't want to return the whole zone `5060.com`, because other subdomains like `xyz.5060.com` can have some content that other hosts (not phones) want to see. – DevAxeQuestion Mar 06 '19 at 07:07
  • If you set up your DNS server so it resolves the domain `5060.com`, you can define whatever host names you like in that domain. Subdomains of `5060.com` will not be overridden this way; for those, the "real" DNS servers will be queried. – Lacek Mar 08 '19 at 12:49
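The first option from the answer (making the local server authoritative for 5060.com so that only the two phone-config names resolve to the provider address), as an added example that is not part of the question or the answer. It generates a BIND 9 zone file and a named.conf.local fragment, then runs named-checkzone and named-checkconf when they are installed. Assumed values: 192.0.2.10 (a documentation address) stands in for a.b.c.d, ns1.yyy.com is taken as the server's own name, and the allow-query list 10.0.0.0/8 is a placeholder for the internal client range, which is how the answer's third drawback (not serving the override to outside clients) is addressed.

```shell
#!/bin/sh
# Added example: authoritative local copy of 5060.com that overrides only
# xxx and xxy (option 1 in the answer). Not the asker's or answerer's code.
set -eu

ZONE=5060.com
PROVIDER_IP=192.0.2.10                     # placeholder for a.b.c.d
WORKDIR="${WORKDIR:-$(mktemp -d)}"         # /etc/bind/zones on a real server

# Write the zone file: an SOA, one NS, and A records only for the two
# phone-config labels. Any other name under 5060.com gets NXDOMAIN from
# this server (drawback 2 in the answer).
write_zone_file() {
  cat > "$WORKDIR/db.$ZONE" <<EOF
\$TTL 300
@   IN SOA ns1.yyy.com. hostmaster.yyy.com. (
        2019030601 ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire
        300 )      ; negative cache TTL
    IN NS  ns1.yyy.com.
xxx IN A   $PROVIDER_IP
xxy IN A   $PROVIDER_IP
EOF
  echo "$WORKDIR/db.$ZONE"
}

# Write the named.conf.local fragment. allow-query keeps the override
# internal (placeholder range); allow-transfer { none; } stops the fake
# zone from being copied by secondaries.
write_named_fragment() {
  cat > "$WORKDIR/named.conf.local" <<EOF
zone "$ZONE" {
    type master;
    file "$WORKDIR/db.$ZONE";
    allow-query { 10.0.0.0/8; localhost; };
    allow-transfer { none; };
};
EOF
  echo "$WORKDIR/named.conf.local"
}

# Run the BIND syntax checks when the tools exist. Returns 1 if either
# tool rejects the generated files, 0 if they pass or are not installed.
check_config() {
  if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone "$ZONE" "$WORKDIR/db.$ZONE" || return 1
  fi
  if command -v named-checkconf >/dev/null 2>&1; then
    named-checkconf "$WORKDIR/named.conf.local" || return 1
  fi
  return 0
}

# Count the A records for a label in the generated zone file (prints 0
# rather than failing when the label is absent).
count_a_records() {
  grep -c "^$1[[:space:]]*IN[[:space:]]*A[[:space:]]" "$WORKDIR/db.$ZONE" || true
}

write_zone_file >/dev/null
write_named_fragment >/dev/null
check_config
```

To test the result before touching production, point `dig @127.0.0.1 xxx.5060.com` at the reloaded server: xxx and xxy should return 192.0.2.10 (or the real provider address), and an unrelated label should return NXDOMAIN, which is exactly the trade-off the answer describes. The answer's second option differs only in the zone name (5060.com.ismine) plus a search suffix on the clients, so the same generator applies with `ZONE` changed.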