Posted by: lordvan 5 years, 2 months ago
So to avoid having to add (more) pinhole NAT or similar I was looking into adding a responce-policy zone to UCS. Looking around for a while I did not find a way to do this with the admin interfaces or ucr.
I read about how to do this in general on https://serverfault.com/questions/18748/overriding-some-dns-entries-in-bind-for-internal-networks so I had an idea of what to do.
After some experimentation I figured it out. Fortunately it is quite simple actually:
Add the Zone and configure it:
To match the tutorial on stackoverflow we use "rpz" as zone name and "localhost." as nameserver.
Add the Host you want to overwrite:
and set the name and ip (in my case I want to just overwrite an unwanted domain name):
or change a record to match the internal host instead of the public IP:
adjust /etc/bind/named.conf.local on the server (DC) to tell the server what to do with it:
options {
// added manually:
response-policy { zone "rpz"; };
};
and then restart bind with
systemctl restart bind9
and a quick dig shows the results as desired:
root@dc:/etc/bind# dig xmpp.lordvan.com @192.168.0.XX
; <<>> DiG 9.10.3-P4-Univention <<>> xmpp.lordvan.com @192.168.0.XX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42306
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xmpp.lordvan.com. IN A
;; ANSWER SECTION:
xmpp.lordvan.com. 5 IN A 192.168.0.XY
So exactly as we wanted it :) Still got to do some testing that nothing overwrites this, but I would hope that named.conf.local won't be overwritten for no reason.
EDIT: It seems that for some reason it "looses" the response policy zone sometimes and after restarting bind9 it works again .. need to figure that one out somehow.
Share on Twitter Share on FacebookRecent Posts
- Tryton templates caveat
- Upgrading mezzanine (forced to due to move to python3.10)
- [univention corporate server] reject more email attachements,.. amavis
- Tryton 6.0 -> 6.2 migration
- ibus not changing keyboard layout with enlightenment
Archive
2023
2022
- March (1)
2021
2020
2019
2018
2014
2012
- January (1)
2011
2010
2009
2008
2007
Categories
- Security (2)
- Django (8)
- Migrated from old blog (59)
- Tools (1)
- Network (5)
- Security (4)
- Privacy (1)
- Univention Corporate Server (6)
- Python (32)
- Development (33)
- Star Trek (4)
- Japan (1)
- Smarthome (1)
- Music (7)
- Games (12)
- Tea (3)
- Webpage (5)
- Homematic (1)
- Admin (27)
- Postgresql (9)
- News (1)
- Drink (3)
- Japanese Language (1)
- Cloud (1)
- ERP (11)
- Pets (5)
- Windows (4)
- Hardware (4)
- GUI (2)
- Solid Edge (2)
- Tryton (18)
- DBMail (2)
- RaspberryPI (1)
- Gentoo (15)
- Anime (8)
- Martial Arts (3)
- Database (13)
- Linux (46)
- Food (2)
- CAD (2)
- Photos (3)
- Events (6)
Authors
- lordvan (146)
Comments
There are currently no comments
New Comment