So, to avoid having to add (more) pinhole NAT or similar, I was looking into adding a response-policy zone (RPZ) to UCS. Looking around for a while, I did not find a way to do this with the admin interfaces or UCR.
I read about how to do this in general on https://serverfault.com/questions/18748/overriding-some-dns-entries-in-bind-for-internal-networks so I had an idea of what to do.
After some experimentation I figured it out. Fortunately, it is actually quite simple:
Add the Zone and configure it:
To match the linked tutorial we use "rpz" as the zone name and "localhost." as the nameserver.
Add the host you want to override:
and set the name and IP (in my case I just want to override an unwanted domain name):
or change a record to match the internal host instead of the public IP:
Adjust /etc/bind/named.conf.local on the server (DC) to tell BIND what to do with the zone:
options {
// added manually:
response-policy { zone "rpz"; };
};
and then restart bind with
systemctl restart bind9
and a quick dig shows the results as desired:
root@dc:/etc/bind# dig xmpp.lordvan.com @192.168.0.XX
; <<>> DiG 9.10.3-P4-Univention <<>> xmpp.lordvan.com @192.168.0.XX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42306
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xmpp.lordvan.com. IN A
;; ANSWER SECTION:
xmpp.lordvan.com. 5 IN A 192.168.0.XY
So exactly as we wanted it :) I still have to do some testing that nothing overwrites this, but I would hope that named.conf.local won't be overwritten for no reason.
EDIT: It seems that for some reason it "loses" the response policy zone sometimes, and after restarting bind9 it works again... I still need to figure that one out somehow.
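Since the override can silently disappear, a small check that can run from cron on the DC is useful to notice it. This is an added example, not from the original post: it parses dig output the way the answer above looks, compares the answered address with the internal IP from the rpz zone, and alerts if the public address comes back. The name, addresses and the sample dig output are constructed; the live check assumes dig is installed.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the rpz override
# for a name is still being served by the DC, so the "lost RPZ" problem is
# noticed without a manual dig. The live check assumes dig is installed.

# Read dig output on stdin and print the A record(s) answered for $1.
# Only the ANSWER SECTION is considered; AUTHORITY/ADDITIONAL glue is ignored.
answer_ips() {
    awk -v n="$1." '
        /^;; ANSWER SECTION:/          { in_ans = 1; next }
        /^$/ || /^;/                    { in_ans = 0 }
        in_ans && $1 == n && $4 == "A"  { print $5 }
    '
}

# Succeed only if there is at least one answer and every answer is the
# internal address we put in the rpz zone ($1 = expected IP, $2 = answers).
rpz_in_effect() {
    [ -n "$2" ] || return 1
    for ip in $2; do
        [ "$ip" = "$1" ] || return 1
    done
}

# Live check: $1 = overridden name, $2 = internal IP, $3 = DC address.
check_rpz() {
    got=$(dig "$1" A "@$3" | answer_ips "$1")
    if rpz_in_effect "$2" "$got"; then
        echo "OK: $1 -> $got via $3 (rpz override in effect)"
    else
        echo "ALERT: $1 -> ${got:-<no answer>} via $3, expected $2 (rpz override lost?)" >&2
        return 1
    fi
}

# Constructed dig output (same shape as the one in the post) for offline use.
SAMPLE_DIG='; <<>> DiG 9.10.3-P4-Univention <<>> xmpp.example.com @192.168.0.2
;; ANSWER SECTION:
xmpp.example.com.    5    IN    A    192.168.0.50

;; AUTHORITY SECTION:
example.com.    3600    IN    NS    ns1.example.com.'

# Usage: ./check_rpz.sh xmpp.example.com 192.168.0.50 192.168.0.2
if [ "$#" -eq 3 ]; then
    check_rpz "$1" "$2" "$3"
fi
```

The parser is exercised offline with SAMPLE_DIG; with three arguments the script queries the DC and exits non-zero when the answer is not the internal address, which is what a cron job or monitoring check needs.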