
Good day, I am using Zentyal, configured with 2 interfaces, one internal and one external. When resolving the server's hostname and aliases, bind randomly returns the external address in the results. The problem of course is that the local net cannot talk to the external net, and this breaks the services randomly. Example:

dig proxy.private.example.com

;; ANSWER SECTION:
proxy.private.example.com. 259200 IN   CNAME   zentyal.private.example.com.
zentyal.private.example.com. 900 IN    A       192.168.122.73
zentyal.private.example.com. 900 IN    A       10.10.20.40

10.10.20.40 is on the internal net and the address we should always resolve.

How do I exclude the interface "192.168.122.73" from the results? What would my bind config look like?

PS: I have searched for 3 days now; it is possible I am looking for the wrong things.

Your help is much appreciated.

1 Answer

What you have configured now is multiple A-records for the same resource. Bind will handle that as round-robin and alternately return 192.168.122.73 or 10.10.20.40 for a DNS request for zentyal.private.example.com.

What you want is that, depending on the interface/IP address the DNS request originates from, a different response is returned in a consistent way. In Bind that is called a view.

It requires that you set up two different zone files, one for external clients and a second for internal clients, and configure Bind when to use which zone file. The relevant configuration section in your config might look a little like this:

view "internal" {
    match-clients { localnets; };   /* clients on directly attached networks */
    recursion yes;                  /* this is the default */

    zone "private.example.com" {
        type master;
        file "db.private.example.com.internal";
        /* any client matching localnets may AXFR this zone;
           listing only your secondaries here is tighter */
        allow-transfer { any; };
    };
};

view "external" {
    match-clients { any; };         /* everyone not matched by the view above */
    recursion no;                   /* authoritative answers only for outsiders */

    zone "example.com" {
        type master;
        file "db.example.com.external";
        allow-transfer { none; };
    };
};

And then add the A record with the 10.x IP address to db.private.example.com.internal and ensure that only the A record with the 192.x IP address remains in the public db.example.com.external zone file.

HBruijn
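The two zone files the answer refers to, written out as an added illustration (not part of the original answer). The SOA fields, serial, NS name and hostmaster address are placeholders; the host names and addresses are the ones from the question.

```zone
; --- db.private.example.com.internal : served only by view "internal" ---
$TTL 900
$ORIGIN private.example.com.
@       IN  SOA   zentyal.private.example.com. hostmaster.private.example.com. (
                  2015022301  ; serial (placeholder; bump on every change)
                  3600        ; refresh
                  900         ; retry
                  604800      ; expire
                  300 )       ; negative-cache TTL
        IN  NS    zentyal.private.example.com.
; Only the internal address lives here, so internal clients never get 192.168.122.73
zentyal IN  A     10.10.20.40
proxy   IN  CNAME zentyal.private.example.com.

; --- db.example.com.external : served only by view "external" ---
$TTL 900
$ORIGIN example.com.
@       IN  SOA   zentyal.example.com. hostmaster.example.com. (
                  2015022301 3600 900 604800 300 )
        IN  NS    zentyal.example.com.
; Only the externally reachable address is published here
zentyal IN  A     192.168.122.73
; Keep the private name answerable for outsiders too, but with the external address
zentyal.private IN  A     192.168.122.73
proxy.private   IN  CNAME zentyal.private.example.com.
```

Note that the internal view in the answer carries no example.com zone, so internal clients asking for zentyal.example.com will be recursed outward rather than answered from the external file.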
  • Thank you, I have not tried it yet, and I am no admin (developer actually) but logically it makes sense. – Ruan Strydom Feb 23 '15 at 13:56
  • It helps finding the correct section of the manual once you know the correct jargon :-) – HBruijn Feb 23 '15 at 22:21
  • Yes, I can't say thanks enough for your quick response and complete answer. I did not know about views. The problem after spending another 8 hours on the problem was however dlz (Samba). I will post the solution as an answer below. I am such a noob. – Ruan Strydom Feb 23 '15 at 22:44
  • Oh no! The solution is not permanent, I used samba-tool to delete the dns entry but after a restart it came back. I guess I could add a cron or startup script to delete the record every time. But it would be an ugly hack. – Ruan Strydom Feb 23 '15 at 22:48
  • Now should I create a new question because the problem changed or do I continue on this thread, because the problem is actually samba? – Ruan Strydom Feb 23 '15 at 22:52
  • New question probably – HBruijn Feb 23 '15 at 23:28