0

So, I'm not sure how to word the question exactly, but here's what I'm trying to do...

(I'm trying to do this with BIND.)

My company has its own internal name servers. Let's say that they are authoritative for "company.local." I want to host my own DNS server locally (and point my computers to this new name server) in order to add some records to that zone (company.local). (So, that these new records will show up when my computers try to resolve them.)

So, like, I want to add:

mycomputer1.company.local. IN A 192.168.0.11
mycomputer2.company.local. IN A 192.168.0.12

But, of course, I also want the company's records to still resolve correctly.

(No, I don't have permission to do any kind of zone transfer or anything like that.)

How can I do this?

N73k
  • 111
  • 5

3 Answers

1

Recent versions of BIND have a feature called a 'response policy zone' that you can use to override specific records.

A very common usage of this is to override www.google.com, www.youtube.com to force safe-search.

Some links

Zoredache
  • 128,755
  • 40
  • 271
  • 413
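The RPZ approach described in this answer, spelled out as a BIND 9 configuration. This is an added example, not part of the answer: the company name server address 10.0.0.53, the file paths and the zone file names are placeholders; the override records are the ones from the question.

```conf
// ---- /etc/named.conf (fragment; paths and addresses are assumed) ----
options {
    directory "/var/named";
    recursion yes;                          // RPZ is applied to recursive queries
    response-policy { zone "rpz.local"; };  // consult the policy zone below
};

// The policy zone itself: answered only to this host, never transferred.
zone "rpz.local" {
    type master;
    file "rpz.local.zone";
    allow-query { localhost; };
    allow-transfer { none; };
};

// Everything else under company.local is handed to the company's own
// name server (10.0.0.53 is a placeholder), so its records keep resolving.
zone "company.local" {
    type forward;
    forward only;
    forwarders { 10.0.0.53; };
};

; ---- /var/named/rpz.local.zone ----
$TTL 300
@   IN SOA  localhost. root.localhost. (
            2020012301  ; serial
            3600        ; refresh
            900         ; retry
            604800      ; expire
            300 )       ; minimum
    IN NS   localhost.

; RPZ "local data" triggers: owner names are relative to rpz.local, so the
; first entry matches the query name mycomputer1.company.local and answers
; with this A record instead of whatever the company's server returns.
mycomputer1.company.local   IN A 192.168.0.11
mycomputer2.company.local   IN A 192.168.0.12
```

Check both files with `named-checkconf /etc/named.conf` and `named-checkzone rpz.local /var/named/rpz.local.zone` before reloading; with the `rpz` logging category enabled, BIND logs every rewrite it performs, which is how you can confirm an overridden name was answered from the policy zone rather than from the company's server.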
1

A bit cumbersome, but you can simply make zones for these names and only have RRs at the apex. For example:

// one single-name zone per host you want to override (named.conf)
zone "mycomputer1.company.local" IN {
  type master;
  file "mycomputer1.company.local.zone";
};

mycomputer1.company.local.zone would contain:

$TTL 86400
; apex of the single-name zone; "@" is mycomputer1.company.local.
@ IN SOA mynameserver.company.local. me.company.local. (
  2019122301  ; serial
  10800       ; refresh
  3600        ; retry
  604800      ; expire
  86400       ; minimum ttl
)
; blank owner name: these records also belong to the apex
  IN NS   mynameserver.company.local.
  IN A    192.168.1.1

Something like this is used for IN-ADDR.ARPA delegation for individual addresses. See https://tools.ietf.org/id/draft-fanf-dnsop-rfc2317bis-01.html#rfc.section.5

Mark Wagner
  • 17,764
  • 2
  • 30
  • 47
  • Yes. I was thinking about that. But I hoped there was a faster/shorter way. The RPZ thing is the answer I'm going to go with. But thanks. – N73k Jan 23 '20 at 18:01
0

.local domains are not available for purchase in any registrar, and are available for internal use. That said, you can just set up another DNS server, configuring it to simultaneously host the company.local zone and forward other requests to other DNS servers, like Google's 8.8.8.8 and 8.8.4.4.

Of course, it'll save you a lot of work if you can at least get a copy of the actual DNS zone file, so you don't have to write all A records all over again. If you can't, you can write a bash script to:

a) If names in your network are somehow structured (i.e. admin-01, admin-02), you could use the dig utility to iterate over your network, resolving the names or;

b) If the actual name server has a reverse zone configured, you could also use dig to resolve the names through their IP addresses.

Good luck.

Stefano Martins
  • 1,131
  • 7
  • 10
  • Yeah. I just want "*.company.local." requests (that are not mine) to get forwarded to my company's name server. – N73k Jan 21 '20 at 19:32
  • As far as I know, you can't. A DNS server should act as a forwarder as a whole, per-domain basis, or have a full copy of the zone file. – Stefano Martins Jan 21 '20 at 19:51