Override DNS with BIND

by ·Keine Kommentare

If you want to manipulate DNS-Entries before and without ISP-DNS Resolution you can do it with extra DNS-Server at your site. Best thing would be putting this DNS in DMZ-Zone.

e.g. Youre hosting WebEx and have one Public-URL to connect. Your Internal Clients will always route the traffic via Internet. To avoid this you can override the DNS – Resolving at your ISP with an own DNS. It’s also possible with your own Windows-DNS but… I like Linux 😉

Here I did with Linux, because its free:

Install BIND and configure named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
 
options {
        listen-on port 53 { 127.0.0.1; 10.1.10.100; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 10.1.0.0/16; 10.2.0.0/16; };
        recursion yes;
 
        //dnssec-enable yes;
        //dnssec-validation yes;
        //dnssec-lookaside auto;
 
        /* Path to ISC DLV key */
        //bindkeys-file "/etc/named.iscdlv.key";
 
        //managed-keys-directory "/var/named/dynamic";
 
        forwarders { 8.8.8.8; 8.8.4.4; };
 
};
 
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
 
//zone "." IN {
//      type hint;
//      file "named.ca";
//};
 
 
include "/etc/named.rfc1912.zones";

Important parts of config:

Who is allowed to query this DNS?

 allow-query { localhost; 10.1.0.0/16; 10.2.0.0/16; };

Forward-Adresses for DNS-Requests which cannot be handled/resolved by the local DNS

forwarders { 8.8.8.8; 8.8.4.4; };

For your linking your own zones:

include "/etc/named.rfc1912.zones";

If you do changes, dont forget to restart

/etc/init.d/named restart
If you now want to override some URLS you have to create a link inside of /etc/named.rfc1912.zones
zone "override.untony.org" IN {
type master;
file "named.override.untony.org";
allow-update { none; };
};

and of course a file in /var/named called named.override.untony.org (in our example)

$TTL 86400 @       IN SOA  @       root (                                         2013111501      ; serial                                         1D              ; refresh                                         1H              ; retry                                         1W              ; expire                                         3H )            ; minimum @        IN NS          localhost. @        IN A           194.232.104.3

When you now put this DNS Server in your Active-Directory DNS as a forwarder every Request which goes to override.untony.org will be resolved with 194.232.104.3 which us a total different site.

How-To change Forwarder in Active Directory-DNS:
in DNS Console right click the DNS and choose Properties.
Then navigate to forwarders tab and enter the IP-Adress of the new DNS, usually you have there your ISP-DNS or Google DNS servers.
1+

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.