I'm using BIND 9.9.4 on a hypervisor (let's call the hypervisor A) for VMs. The hypervisor has a VPN connection to a different host (let's call it B), which also has a public IP. The BIND on hypervisor A is used by the VMs and won't answer requests from anyone else.
To force most of the traffic to host B through the VPN, it would be easiest if BIND would rewrite the A and AAAA records it finds during recursion to the local, private IP given to the VPN tunnel to host B.
I've already read about Response Policy Zones (RPZ), but as I understand them, I have to replicate all records I want to be rewritten. Ideally, BIND would automatically detect the public IP of B in the records and replace it automatically.
Is there a way to achieve that?
I found out that it is actually possible using Response Policy Zones.
One can match on IPs using the rpz-ip suffix. The notation is:
Details can be found in BIND's Administrator Reference Manual.
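As an added illustration of an rpz-ip rewrite (not part of the answer above or BIND's own documentation), assuming the placeholder addresses 203.0.113.10 and 2001:db8::1 for B's public IPs and 10.8.0.2 / fd00:8::2 for its VPN tunnel addresses, with the policy zone named rpz.local:

```bind
// named.conf on hypervisor A: attach the policy zone to the recursive resolver
options {
    // ... existing options (recursion, allow-query for the VMs, etc.) ...
    response-policy { zone "rpz.local"; };
};

zone "rpz.local" {
    type master;
    file "/etc/bind/db.rpz.local";   // assumed path
    allow-query { localhost; };       // policy data is not meant to be served to clients
};

; /etc/bind/db.rpz.local (constructed example zone file)
$TTL 60
@   IN SOA localhost. root.localhost. ( 1 3600 900 604800 60 )
    IN NS  localhost.

; IPv4 trigger: <prefix length>.<IPv4 octets in reverse order>.rpz-ip
; Matches any answer containing the A record 203.0.113.10 and
; replaces it with local data pointing at B's VPN tunnel address.
32.10.113.0.203.rpz-ip    IN A    10.8.0.2

; IPv6 trigger: <prefix length>.<groups in reverse order, "zz" standing for "::">.rpz-ip
; Matches the AAAA record 2001:db8::1 and rewrites it to the tunnel's IPv6 address.
128.1.zz.db8.2001.rpz-ip  IN AAAA fd00:8::2
```

One trigger per public address is enough, whatever name the VMs look up, because the match is on the address in the answer rather than on the queried name; rewrites can be confirmed with dig against the resolver and show up in the rpz logging category.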