
Is it possible to set up Bind9 to forward DNS requests such that the requested DNS suffix is an alias for another, longer and more complex suffix?

For example, can I set up Bind9 to resolve DNS requests for machine-name.my-app.internal, where these requests would be forwarded to machine-name.k8zb98713j4bka.dx.internal.cloudapp.net? In this scenario my-app.internal is the suffix that would need to be translated to k8zb98713j4bka.dx.internal.cloudapp.net.

I have a Virtual Network set up in Azure with a registered custom DNS server. I set up the DNS server using Ubuntu and Bind9 based on these articles:

https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-16-04

https://github.com/Azure/azure-quickstart-templates/tree/master/301-dns-forwarder/

The custom DNS setup works well. One issue I have come across is that if I want to communicate between VMs using the machine name, I cannot resolve the machine name alone. I need to use:

ping machine-name.<unique-id>.dx.internal.cloudapp.net

This is annoying and error-prone, since I need to copy-paste the full suffix.

Here is named.conf.options:

acl goodclients {
        10.0.0.0/8;
        localhost;
        localnets;
};

options {
        directory "/var/cache/bind";

        recursion yes;
        allow-query { goodclients; };

        forwarders {
                168.63.129.16;
                8.8.8.8;
                8.8.4.4;
        };
        forward only;

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

I hope to register, with the custom Bind9 DNS server, a 'suffix alias', if such a thing exists.

Worst case, I need to create a zone file and manually register A records that reference the private IP addresses. But I would prefer using:

nslookup machine-name.my-app.internal

instead of:

nslookup machine-name.k8zb98713j4bka.dx.internal.cloudapp.net

where both of the above requests would resolve to the same private IP address without manually registering DNS A records.

hovey
Why not just use `machine-name` and configure your local resolver or `/etc/resolv.conf` to just append the base domain `k8zb98713j4bka.dx.internal.cloudapp.net`? Seems far simpler. Otherwise also look at bind RPZ features. – Patrick Mevzek Mar 25 '19 at 23:35
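One way to get the 'suffix alias' the question asks for, as an added example that is not part of the original question, comment or answer: a small locally authoritative zone for my-app.internal holding a DNAME record, which makes BIND rewrite every name below my-app.internal to the same name below the Azure suffix and then resolve the rewritten name through the existing forwarders. The Azure suffix and the goodclients ACL are taken from the question; the file paths, the 10.0.0.4 address and the NS/SOA names are assumptions about the environment.

```bind
// ---- File 1 (assumed path): /etc/bind/named.conf.local ----
// A zone declared here is answered authoritatively, so "forward only"
// in named.conf.options does not apply to it; only the DNAME target is
// looked up via the forwarders (168.63.129.16 for Azure names).
zone "my-app.internal" {
        type master;
        file "/etc/bind/db.my-app.internal";   // assumed path
        allow-query { goodclients; };          // same ACL as named.conf.options
};

// ---- File 2 (assumed path): /etc/bind/db.my-app.internal ----
// Zone-file syntax from here on (';' starts a comment).
$TTL 300
$ORIGIN my-app.internal.
@   IN SOA  localhost. hostmaster.my-app.internal. (
            2019032501  ; serial
            3600        ; refresh
            600         ; retry
            86400       ; expire
            300 )       ; negative-cache TTL
; NS points outside the zone on purpose: any name *below* the apex would
; be occluded by the DNAME and is rejected by named-checkzone.
@   IN NS   localhost.
; The alias itself: <label>.my-app.internal is rewritten to
; <label>.k8zb98713j4bka.dx.internal.cloudapp.net (RFC 6672). The apex
; name my-app.internal itself is NOT rewritten, only names beneath it.
@   IN DNAME k8zb98713j4bka.dx.internal.cloudapp.net.

; ---- Checks to run on the BIND VM (assumed 10.0.0.4) ----
; named-checkzone my-app.internal /etc/bind/db.my-app.internal
; named-checkconf && rndc reload
; dig @10.0.0.4 machine-name.my-app.internal A
;   expected: DNAME at the apex, a synthesized CNAME for machine-name,
;   then the A record fetched from the Azure resolver.
```

Because the zone is served from your own unsigned data, the DNAME answer is not DNSSEC-validated; only the final lookup of the rewritten Azure name goes through the validating forwarder path, so the A record a client sees is exactly what 168.63.129.16 returns for the long name.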

1 Answer


The custom DNS setup works well. One issue I have come across is that if I want to communicate between VMs using the machine name, I cannot resolve the machine name alone.

As far as I know, if name resolution works between VMs located in the same virtual network, or between Azure Cloud Services role instances in the same cloud service, you can directly use the hostname or the FQDN. Other scenarios work only with the FQDN. Check the name resolution scenarios in Azure VNet.

So if you just work in the same virtual network, you should be able to nslookup the machine name using Azure DNS Private Zones or Azure-provided name resolution. Name resolution between VMs in different virtual networks only works with the FQDN.

Nancy