I am using a BIND9 DNS server for my org, and I have an application that was published with a .local domain: example.website.local. There is a .com alternative that I want to re-map the .local to using the DNS server, but I don't know if it will be possible.

I have found this article on RPZ: Overriding some DNS entries in BIND for internal networks, but I keep getting this message after I apply the setting with my .local domain:

; <<>> DiG 9.16.1-Ubuntu <<>> example.website.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61184
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.website.local.     IN  A

;; Query time: 8 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Oct 17 11

Is there a way to rewrite this .local domain to a .com or public IP address using BIND or RPZ?

Thanks!

TrivPants
  • use hosts /etc/hosts to do the trick – djdomi Oct 17 '21 at 17:17
  • Thanks @djdomi /etc/hosts does work for the local machines. I ended up using RPZ to solve the issue. This is apparently also called a 'DNS firewall' but I used it to re-map the DNS lookups for the specific example.local domain. – TrivPants Oct 19 '21 at 12:46
  • Here is a quick run-down of what I needed to do to get it to work: 1. Have a working BIND9 server on a Debian/Ubuntu box 2. Edit the `named.conf.options` file: `response-policy { zone "rpz.local"; };` 3. Add the RPZ zone in the `/etc/bind/named.conf.local` file: `zone "rpz.local" { type master; file "/etc/bind/db.rpz.local"; allow-query { localhost; }; allow-transfer { 12.34.56.78; }; };` 4. Copy /etc/bind/db.empty to /etc/bind/db.rpz.local 5. Add the A record for the .local name to the db.rpz.local file: `example.local A 8.8.8.8` 6. Restart DNS – TrivPants Oct 19 '21 at 12:46
  • Update your question, not the comment....!!!!! Or if it's solved, use an Answer to solve your question – djdomi Oct 19 '21 at 13:39

1 Answer

Here is a quick run-down of what I needed to do to get it to work:

  1. Have a working BIND9 server on a Debian/Ubuntu box

  2. Edit /etc/bind/named.conf.options, adding:

         response-policy {
             zone "rpz.local";
         };

  3. Add the RPZ zone in /etc/bind/named.conf.local:

         zone "rpz.local" {
             type master;
             file "/etc/bind/db.rpz.local";
             allow-query { localhost; };
             allow-transfer { localhost; };
         };

  4. Copy /etc/bind/db.empty to /etc/bind/db.rpz.local

  5. Add the A record for the .local name to the db.rpz.local file:

         example.local A 8.8.8.8

  6. Restart DNS:

         systemctl restart bind9
         rndc flush
         rndc reload
Paul
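The following is an added example (not from the answer or the question) that renders the db.rpz.local file from steps 4 and 5 and covers the .com remap the question asked for: an IP target becomes an A/AAAA record as in the answer, any other target becomes an RPZ CNAME to that public name. The zone name rpz.local and example.local come from the page; the hostnames example.website.com and db.local used in the tests are constructed.

```python
import ipaddress
import re

RPZ_ORIGIN = "rpz.local"  # must match: response-policy { zone "rpz.local"; };
_LABEL = re.compile(r"^(\*|[a-z0-9_](?:[a-z0-9_-]*[a-z0-9_])?)$")

# Header modelled on Debian's /etc/bind/db.empty, which step 4 copies.
_HEADER = """$ORIGIN {origin}.
$TTL 86400
@ IN SOA localhost. root.localhost. (
        {serial} ; Serial
        604800   ; Refresh
        86400    ; Retry
        2419200  ; Expire
        86400 )  ; Negative Cache TTL
@ IN NS localhost.
"""


def rpz_record(trigger: str, target: str) -> str:
    """One RPZ local-data record; `trigger` is the queried name to rewrite.

    The trigger is written relative to the origin (example.local is stored as
    example.local.rpz.local.). A trailing dot would make it absolute, put it
    outside the zone, and the rewrite would silently never fire, so strip it.
    """
    name = trigger.rstrip(".").lower()
    labels = name.split(".")
    if not all(_LABEL.match(l) for l in labels) or "*" in labels[1:]:
        raise ValueError(f"invalid RPZ trigger name: {trigger!r}")
    try:
        ip = ipaddress.ip_address(target)  # IP target -> A/AAAA local data
        return f"{name} {'A' if ip.version == 4 else 'AAAA'} {ip}"
    except ValueError:
        # Any other target is a CNAME to an absolute name: the way to send a
        # .local hostname to its public .com twin instead of a fixed address.
        return f"{name} CNAME {target.rstrip('.')}."


def build_zone(rewrites: dict, serial: int = 1) -> str:
    """Render a complete db.rpz.local from {trigger: target} pairs."""
    body = "\n".join(rpz_record(t, v) for t, v in rewrites.items())
    return _HEADER.format(origin=RPZ_ORIGIN, serial=serial) + body + "\n"


def triggers(zone_text: str) -> dict:
    """Parse the local-data records back out as {trigger: (rtype, rdata)}."""
    out = {}
    for line in zone_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] in ("A", "AAAA", "CNAME"):
            out[parts[0]] = (parts[1], parts[2])
    return out
```

Validate the rendered file with `named-checkzone rpz.local /etc/bind/db.rpz.local` before the `rndc reload` in step 6, and bump the serial on every change so a secondary allowed by allow-transfer picks it up.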