Home / server / Questions / 615641
Accepted
Kladskull
Asked: 2014-07-26 17:47:20 +0800 CST

How can I selectively override some A records on a Bind DNS Server? [duplicate]

  • 772

I'm guessing there has to be a reasonable way to solve my issue but I'm trying to get some advice on a best practice to implement.

I have recently moved to a Web Design company and we need to be able to spoof DNS entries for websites we're working on. However we want to only override certain A records, but keep the others so the site seems to work.

i.e: We want to make "support.abcd.com" resolve locally, but everything else go to the real site. This would allow us to design/demo a fully functioning site with only the work in progress locally.

We have an internal BIND DNS server (9.9.5.dfsg-3).

What should my zone file look for "abcd.com" based on the example above?

Edit: Would this work?

          IN ns1
abcd.com. IN NS ns1
support.abcd.com. IN A 192.168.1.1
faq.abcd.com.     IN A 192.168.1.1
*.abcd.com.       IN NS abcd.com     <- External?
ubuntu

2 Answers

  1. Best Answer

    If this all just deals with overriding hostname->ip lookups, what is likely the easiest to set up and manage (especially if you have rapidly changing requirements) is for the developers to simply override the normal resolution by adding the relevant names in their local hosts files and to leave DNS alone.

    However, if you want to do this with DNS, using BIND as the resolver server, and you need to override specific names only (rather than whole zones), I believe you will need to use the Response Policy Zone (RPZ) functionality. This can possibly be done in conjunction with the use of views in order to make these changes only affect specific clients.

    I've included an example that would do the kind of thing you are specifically asking for but look at the linked documentation above for all the other options for how you can override things and more complete examples.

    options {
  ...
  response-policy { zone "development-overrides"; };
};

...

zone "development-overrides" {type master; file "master/development-overrides"; allow-query {none;}; };

    The referenced zone file has the normal master file syntax but the semantics are RPZ specific (do read the RPZ docs!):

    $TTL 1H
@                       SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
                        NS  LOCALHOST.

support.example.com     A   192.168.1.1
faq.example.com         A   192.168.1.1
    • 17

  2. Either modify the hosts file on the developers machines (/etc/hosts on UNIX/Linux and C:\windows\system32\drivers\etc\hosts on windows) or use a view settings on your DNS, you define an ACL with the subnets that should be "spoofed" and use "match-clients" inside the view to match just those clients.

    About your example, it's a CNAME field not an NS field.

    • 0