I would like to return a unique CNAME for each request and add the IP address of that CNAME to the zone files. Is it possible?
- Rather than tell us your proposed solution please edit your question to tell us what you're trying to achieve. – Tim Mar 12 '18 at 23:40
- To track the users on the web server and correlate the logs of webserver and the nameserver. – Alex Mar 13 '18 at 00:01
- That doesn't tell us what you're trying to achieve? What is your desired business outcome? Why would you need to correlate those services? Name server information is cached using a hierarchy of name servers, they don't all hit your name server. You probably shouldn't even run a name server, let someone else do this basic task. – Tim Mar 13 '18 at 00:20
- Interesting question, maybe someone can help you. – Tim Mar 13 '18 at 02:24
- This is related to this other question of yours: https://serverfault.com/questions/901305/how-to-associate-dns-requests-with-the-requests-to-web-server-hosting-that-domai You could have provided this context in your question. – Patrick Mevzek Mar 13 '18 at 06:20
1 Answer
Your question lacks details. Why are you doing that (why specifically a CNAME?), who does the query, why you need to put the result in the zonefile, etc.
So below are only some vague ideas.
If your question is about generating records on the fly, yes you can do it with bind as well as other nameservers letting you choose a "dynamic" backend with some programming language.
See:
- Bind can serve "Dynamic Zones", but this is mostly tied to databases, see http://bind-dlz.sourceforge.net/ and "Dynamically Loadable Zones | Internet Systems Consortium"; but you could also develop your own backend
- PowerDNS: "Lua Backend | PowerDNS Authoritative Server documentation": "This backend is just a “glue” between PowerDNS and your own Lua application."; so if you write a Lua application you are free to serve whatever record you want for each query.
- Yadifa and NSD do not seem capable of doing that (but there are various patches and attempts to plug them into SQL databases for example)
You could also of course, again depending on your need, build a small simple authoritative nameserver in whatever programming language you choose that has a good DNS abstraction library to handle all the details (and there are many) of the DNS protocol.
Another cheap way of doing it: use wildcards. But with caution. However at their core the wildcards let you have immediately all CNAMEs you want in your zonefile with only one line. But it all depends on who queries your nameserver.
Remember that your authoritative nameserver has as clients the recursive nameservers, not the end clients so it will see only the IP address of the last recursive nameserver used by the client and not the client IP. You have the EDNS Client Subnet option that, if supported by the recursive resolver, will give you an indication on the subnet of the client IP address, but never the complete address for privacy reasons.
To close, have a look at various works of Geoff Huston. He is a DNS researcher at APNIC who does a lot of studies. To conduct them he often buys ads that provide unique links for each client resolving to specific names. See this example among others: "Counting IPv6 in the DNS | The ISP Column". It may give you some fresh ideas.
(See my detailed answer to your related query: How to associate DNS requests with the requests to web server hosting that domain name? | Server Fault)

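An added example, not part of the original answer: one way to join authoritative query logs with web logs when every visitor is handed a unique name under a single wildcard record. The zone `t.example.com`, the `u-` label scheme and both log layouts (DNS lines modelled on BIND's query log, web lines with the virtual host first) are assumptions, and all log lines are constructed.

```python
import re
import secrets
from collections import defaultdict

ZONE = "t.example.com"  # hypothetical zone served by one wildcard record (*.t.example.com)

def new_tracking_name() -> str:
    """Unique per-visitor hostname; never seen before, so no resolver has it cached."""
    return f"u-{secrets.token_hex(10)}.{ZONE}"

# Constructed sample logs (labels shortened for readability).
DNS_LOG = """\
13-Mar-2018 14:20:01.102 client 192.0.2.53#41234 (u-3f9a1c.t.example.com): query: u-3f9a1c.t.example.com IN A -E(0)DC (198.51.100.1) [ECS 203.0.113.0/24/0]
13-Mar-2018 14:20:07.551 client 192.0.2.99#50111 (u-77b2e0.t.example.com): query: u-77b2e0.t.example.com IN A -E(0)DC (198.51.100.1)
13-Mar-2018 14:21:15.009 client 192.0.2.53#41290 (u-d00d42.t.example.com): query: u-d00d42.t.example.com IN A -E(0)DC (198.51.100.1)
"""
WEB_LOG = """\
u-3f9a1c.t.example.com 203.0.113.77 - - [13/Mar/2018:14:20:01 +0000] "GET /px.gif HTTP/1.1" 200 43
u-77b2e0.t.example.com 203.0.113.200 - - [13/Mar/2018:14:20:08 +0000] "GET /px.gif HTTP/1.1" 200 43
"""

# "client" here is the recursive resolver; the ECS subnet is present only if it sent one.
DNS_RE = re.compile(r"client (?P<resolver>[0-9a-fA-F.:]+)#\d+ \((?P<name>[^)]+)\): query: "
                    r"\S+ IN (?P<qtype>\S+)(?:.*\[ECS (?P<ecs>[^/\]]+/\d+)/\d+\])?")
WEB_RE = re.compile(r"^(?P<name>\S+) (?P<client>\S+) ")

def correlate(dns_log: str, web_log: str) -> dict:
    """Join both logs on the unique name; return name -> what each side saw."""
    seen = defaultdict(lambda: {"resolver": None, "ecs": None, "client": None})
    for line in dns_log.splitlines():
        m = DNS_RE.search(line)
        if m and m["name"].lower().endswith("." + ZONE):
            seen[m["name"].lower()].update(resolver=m["resolver"], ecs=m["ecs"])
    for line in web_log.splitlines():
        m = WEB_RE.match(line)
        if m and m["name"].lower().endswith("." + ZONE):
            seen[m["name"].lower()]["client"] = m["client"]
    return dict(seen)

if __name__ == "__main__":
    print("hand out:", new_tracking_name())
    for name, rec in correlate(DNS_LOG, WEB_LOG).items():
        print(name, rec)
```

The third constructed name was resolved but never fetched, so its `client` stays `None`: the DNS side alone only ever identifies the resolver.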
- Can you please explain more about what you mean by "But it all depends on who queries your nameserver."? – Alex Mar 13 '18 at 11:20
- At that moment I was not aware of your other question so I lacked context. I was not sure I understood your needs and if you were in a normal case (clients of your nameserver will be normal recursive DNS clients) or some specific one where clients you control would be targeting the authoritative nameservers directly. – Patrick Mevzek Mar 13 '18 at 13:21
- Thanks for the great answer. Your answer to the other question looks nice, but I'm not sure if I can do it for the services other than a web service. I mean, in that question, I asked how to map DNS traffic and the web traffic, but if we want to do it for any other service (like FTP, mail, ...) I guess the solution based on CNAME makes sense. – Alex Mar 13 '18 at 14:14
- About Dynamic Zones, I know that we can dynamically update the zone, but can we write a script to change it per request? How can we find that a new request has arrived? – Alex Mar 13 '18 at 14:16
- You were speaking about Apache in the other question so I was thinking about web. Of course other cases will be more complicated. Dynamic records could be a solution (I still believe your question lacks enough context to be able to answer you the best possible), but certainly not something simple/out of the box. – Patrick Mevzek Mar 13 '18 at 14:17
- Dynamic in my reply does not refer to dynamic zones, just to the fact that the answer after a query would not be a static one as pulled from a file, but something generated on the fly, "dynamic" because some program would compute it at that time. See the PowerDNS case with Lua. – Patrick Mevzek Mar 13 '18 at 14:20