How to add a DNS response-policy zone to Univention Corporate Server (UCS)


So to avoid having to add (more) pinhole NAT or similar, I was looking into adding a response-policy zone to UCS. After looking around for a while, I did not find a way to do this with the admin interfaces or ucr.

I read about how to do this in general on https://serverfault.com/questions/18748/overriding-some-dns-entries-in-bind-for-internal-networks so I had an idea of what to do.

After some experimentation I figured it out. Fortunately it is quite simple actually:

Add the Zone and configure it:

Add zone

Zone settings

To match the tutorial on stackoverflow we use "rpz" as zone name and "localhost." as nameserver.

Add the Host you want to overwrite:

and set the name and IP (in my case I want to just overwrite an unwanted domain name):

or change a record to match the internal host instead of the public IP:

Adjust /etc/bind/named.conf.local on the server (DC) to tell the server what to do with it:

options {
        // added manually:
        response-policy { zone "rpz"; };
};

and then restart bind with

systemctl restart bind9

and a quick dig shows the results as desired:

root@dc:/etc/bind# dig xmpp.lordvan.com @192.168.0.XX

; <<>> DiG 9.10.3-P4-Univention <<>> xmpp.lordvan.com @192.168.0.XX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42306
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xmpp.lordvan.com.              IN      A

;; ANSWER SECTION:
xmpp.lordvan.com.       5       IN      A       192.168.0.XY

So exactly as we wanted it :) Still got to do some testing that nothing overwrites this, but I would hope that named.conf.local won't be overwritten for no reason.

EDIT: It seems that for some reason it "loses" the response policy zone sometimes and after restarting bind9 it works again .. need to figure that one out somehow.
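A check for the situation the EDIT describes, as an added example that is not part of the original post: it confirms that the response-policy statement is still present in named.conf.local and that the resolver still returns the overridden address. The function names, the CONF and ZONE variables, and the argument order are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): detect when the RPZ override
# stops being applied, e.g. after named.conf.local was rewritten or the
# policy was dropped until the next bind9 restart.
CONF="${CONF:-/etc/bind/named.conf.local}"   # file edited in the post
ZONE="${ZONE:-rpz}"                          # zone name used in the post

# Succeeds if the config file has an uncommented response-policy statement
# naming the zone. Strips // and # comments only (not /* ... */ blocks).
rpz_configured() {
    # $1 = config file, $2 = zone name
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ' |
        grep -Eq "response-policy[[:space:]]*\{[^}]*zone[[:space:]]+\"$2\""
}

# Reads `dig +short` output on stdin. Succeeds only if there is at least one
# answer line and every line equals the expected address, so an empty answer
# or the public IP both count as "override not active".
answer_is() {
    # $1 = expected address
    awk -v want="$1" 'NF { n++; if ($1 != want) bad = 1 }
                      END { exit !(n > 0 && !bad) }'
}

# Full check: statement present in the config AND the resolver serves the override.
check_rpz() {
    # $1 = overridden name, $2 = expected internal IP, $3 = resolver address
    rpz_configured "$CONF" "$ZONE" ||
        { echo "response-policy for zone $ZONE missing in $CONF"; return 2; }
    dig +short +time=2 +tries=1 "$1" A "@$3" | answer_is "$2" ||
        { echo "$1 does not resolve to $2 via $3"; return 1; }
}

# Run only when called with: <name> <expected-ip> <resolver-ip>
if [ "$#" -eq 3 ]; then
    check_rpz "$@" || exit $?
fi
```

Run from cron against the DC, a non-zero exit separates the two failure cases: status 2 means the statement is gone from the file, status 1 means the file is intact but the running bind9 is not applying the policy.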
