
I'm using BIND 9.9.4 on a hypervisor (let's call the hypervisor A) for VMs. The hypervisor has a VPN connection to a different host (let's call it B), which also has a public IP. The BIND on hypervisor A is used by the VMs and won't answer requests from anyone else.

To force most of the traffic to host B through the VPN, it would be easiest if BIND would rewrite the A and AAAA records it finds during recursion to the local, private IP given to the VPN tunnel to host B.

I've already read about Response Policy Zones (RPZ), but as I understand them, I have to replicate all records I want to be rewritten. Ideally, BIND would automatically detect the public IP of B in the records and replace it automatically.

Is there a way to achieve that?

Andrew B
Jonas Schäfer

1 Answer

I found out that it is actually possible using Response-Policy Zones.

One can match on IPs using the rpz-ip suffix. The notation is:

# for IPv4
prefixlength.B4.B3.B2.B1.rpz-ip
# for IPv6
prefixlength.W8.W7.W6.W5.W4.W3.W2.W1.rpz-ip

Details can be found in BIND's Administrator Reference Manual.

Jonas Schäfer
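As an added example (not code from the answer above or from BIND itself), the following script builds the rpz-ip trigger names in the notation just described, for both IPv4 and IPv6, and emits a small RPZ zone whose local data replaces any answer containing host B's public address with the tunnel address. The zone name, addresses and the "zz" shorthand for "::" in the IPv6 form are assumptions taken from the ARM's description of the notation, and the sample values are constructed.

```python
import ipaddress
from typing import Iterable, Optional


def rpz_ip_owner(cidr: str) -> str:
    """Zone-relative rpz-ip owner name for an IPv4 or IPv6 prefix.

    IPv4: prefixlength.B4.B3.B2.B1.rpz-ip (octets reversed)
    IPv6: prefixlength.W8.W7.W6.W5.W4.W3.W2.W1.rpz-ip (words reversed, with
          "zz" standing in for the "::" run of zero words, per the ARM)
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version == 4:
        parts = str(net.network_address).split(".")
    else:
        text = net.network_address.compressed  # RFC 5952 form, e.g. 2001:db8::7
        if "::" in text:
            left, right = text.split("::")
            parts = (left.split(":") if left else []) + ["zz"]
            parts += right.split(":") if right else []
        else:
            parts = text.split(":")
    return ".".join([str(net.prefixlen)] + list(reversed(parts)) + ["rpz-ip"])


def rpz_zone_file(zone: str, public_prefixes: Iterable[str],
                  tunnel_v4: str, tunnel_v6: Optional[str] = None) -> str:
    """Minimal RPZ zone: each trigger carries local data of the same address
    family, so clients receive the tunnel address instead of B's public one."""
    lines = [f"$ORIGIN {zone}.", "$TTL 60",
             "@ SOA localhost. hostmaster.localhost. 1 3600 900 604800 60",
             "@ NS localhost."]
    for cidr in public_prefixes:
        owner = rpz_ip_owner(cidr)
        if ipaddress.ip_network(cidr, strict=False).version == 4:
            lines.append(f"{owner} A {tunnel_v4}")
        elif tunnel_v6 is not None:
            lines.append(f"{owner} AAAA {tunnel_v6}")
    return "\n".join(lines) + "\n"


# Constructed sample: B is reachable publicly at 198.51.100.7 / 2001:db8::7
# and through the tunnel at 10.8.0.2 / fd00:8::2 (all placeholder values).
if __name__ == "__main__":
    print(rpz_zone_file("rpz.local", ["198.51.100.7/32", "2001:db8::7/128"],
                        "10.8.0.2", "fd00:8::2"))
    # Activate the zone in named.conf (constructed names) with:
    #   response-policy { zone "rpz.local"; };
    #   zone "rpz.local" { type master; file "rpz.local.db"; };
```

BIND records every rewrite in its rpz logging category, which is the quickest way to confirm from the hypervisor that the trigger actually fires for a VM's query.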