one domain different address depending on source 1

ldzib

IS-IT--Management
Mar 14, 2012
In the local network I have one server named test.domain.com with three IP addresses:

192.168.1.1
172.16.1.1
10.9.1.1

I want to:
When clients in subnet 192.168.1.x ask DNS for test.domain.com, they get IP address 192.168.1.1
When clients in subnet 172.16.1.1 ask DNS for test.domain.com, they get IP address 172.16.1.1
When clients in subnet 10.9.1.1 ask DNS for test.domain.com, they get IP address 10.9.1.1

This will let clients communicate directly with the server, with no need to route packets from one subnet to another through the firewall.

Any tips? Thanks.
 
This could be a little bit tricky.
One way would be to run three copies of your DNS application, each listening on a different interface associated with the subnet. This does lead to a question I have: is your DNS on a common (e.g. public) interface that all three ranges can access?

A second way, to investigate at least as I am not sure if it would work, would be to use ACLs to enable the respective zone file when connecting from a particular range.
 
Hi Noway2, yes my DNS server is common to all my networks:
DNS server has only one interface:
192.168.20.1

webserver test.domain.com has three interfaces:

192.168.1.1
172.16.1.1
10.9.1.1

Clients in 192.168.1.x have DNS server 192.168.20.1
Clients in 172.16.1.x have DNS server 192.168.20.1
Clients in 10.9.1.x have DNS server 192.168.20.1

When clients in 10.9.1.x ask for the IP address of test.domain.com, they should get 10.9.1.1

When clients in 172.16.1.x ask for the IP address of test.domain.com, they should get 172.16.1.1

When clients in 192.168.1.x ask for the IP address of test.domain.com, they should get 192.168.1.1

I'll read the ACL documentation; it's hard to add two new interfaces to my DNS server.

 
ACLs with a view clause should be what you need in BIND. You can create a view to offer up a different file for the zone requested, and you can assign people to the view with the ACLs.
 
Thanks SweetRevelation, I've solved it:

# cat /etc/named.conf
// One ACL per client subnet
acl "subnet_one" {
    192.168.1.0/24;
};

acl "subnet_two" {
    172.16.1.0/24;
};

acl "subnet_three" {
    10.9.1.0/24;
};

options {
    bla...bla...
};

// Each view serves its own copy of the zone to the clients matched by its ACL
view "one_view" {
    match-clients { subnet_one; };
    zone "mydomain.com" IN {
        type master;
        file "subnet_one/mydomain.com";
    };
};

view "other_view" {
    match-clients { subnet_two; };
    zone "mydomain.com" IN {
        type master;
        file "subnet_two/mydomain.com";
    };
};

view "third_view" {
    match-clients { subnet_three; };
    zone "mydomain.com" IN {
        type master;
        file "subnet_three/mydomain.com";
    };
};

Interesting part of mydomain.com:

#cat /var/named/subnet_one/mydomain.com

test IN A 192.168.1.1


#cat /var/named/subnet_two/mydomain.com

test IN A 172.16.1.1

#cat /var/named/subnet_three/mydomain.com

test IN A 10.9.1.1


When clients in subnet one ask for test.mydomain.com they get 192.168.1.1
When clients in subnet two ask for test.mydomain.com they get 172.16.1.1
When clients in subnet three ask for test.mydomain.com they get 10.9.1.1

thanks.
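
An added example, not part of the original posts: a small Python model of how BIND picks a view for the configuration above, useful for checking which source addresses get which answer before reloading named. The view table, the sample client addresses and the hypothetical `default_view` are constructed for illustration; the model covers plain network ACLs only.

```python
import ipaddress

# Constructed model of the named.conf posted above: (view name,
# match-clients networks, A record served for test.mydomain.com).
VIEWS = [
    ("one_view",   ["192.168.1.0/24"], "192.168.1.1"),
    ("other_view", ["172.16.1.0/24"],  "172.16.1.1"),
    ("third_view", ["10.9.1.0/24"],    "10.9.1.1"),
]

def select_view(client_ip, views=VIEWS):
    """First view whose match-clients contains the source address wins,
    as in BIND; a client matching no view is answered with REFUSED."""
    addr = ipaddress.ip_address(client_ip)
    for name, nets, answer in views:
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name, answer
    return None, "REFUSED"

def shadowed_views(views=VIEWS):
    """Views that can never be selected because every one of their
    networks lies inside a single network of an earlier view."""
    seen, shadowed = [], []
    for name, nets, _ in views:
        parsed = [ipaddress.ip_network(n) for n in nets]
        if parsed and all(
            any(s.version == p.version and p.subnet_of(s) for s in seen)
            for p in parsed
        ):
            shadowed.append(name)
        seen.extend(parsed)
    return shadowed

if __name__ == "__main__":
    # Constructed source addresses: one per subnet, plus the DNS server's
    # own address (192.168.20.1), which is in none of the three ACLs.
    for ip in ("192.168.1.50", "172.16.1.50", "10.9.1.50", "192.168.20.1"):
        print(ip, "->", select_view(ip))
    # A hypothetical catch-all view placed first would hide the other three.
    catch_all_first = [("default_view", ["0.0.0.0/0"], "192.168.1.1")] + VIEWS
    print("shadowed:", shadowed_views(catch_all_first))
```

With the three views as posted, any source outside the three /24s, including the DNS server's own 192.168.20.1, matches no view; a catch-all view for such clients has to come last, because views are matched in order.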
 