Different DNS replies depending on IP block

KurtKraut · 2008-08-22 02:05:32

I own a service that has mirrors all around the world. I'd like to Bind to respond a DNS request of my A ADDRESSes differently, depending on the IP block that made the request

For instance, from a computer from an ISP provider would have this:

[root@computer1 etc]# host bbs.archlinux.org
bbs.archlinux.org is an alias for archlinux.org.
archlinux.org has address 66.211.213.17

And another person from another ISP would have:

[root@ktk7 etc]# host bbs.archlinux.org
bbs.archlinux.org is an alias for archlinux.org.
archlinux.org has address 208.69.32.230

Anyone has a clue how I could do that ? Thanks in advance

tam1138 · 2008-08-22 02:16:21

Are you looking for generic round-robin DNS or would you like to specifically tailor responses to src addr?

KurtKraut · 2008-08-22 02:23:30

tam1138 wrote:

Are you looking for generic round-robin DNS or would you like to specifically tailor responses to src addr?

I'd like to specifficaly tailor responses based on the source address of the request. IPs starting with 82.*.*.* would receive a different response from 208.*.*.*, for instance.

cactus · 2008-08-22 04:00:50

With bind it is called 'views'.
you use match-clients (a match element for the view).
http://www.oreillynet.com/pub/a/oreilly … _0501.html (first google result)

you might also do some searching on geodns. there are services that provide this for you (akamai's geodns service for example), and some patches out there for Bind (i believe).

KurtKraut · 2008-08-22 04:08:33

cactus wrote:

With bind it is called 'views'.
you use match-clients (a match element for the view).
http://www.oreillynet.com/pub/a/oreilly … _0501.html (first google result)
you might also do some searching on geodns. there are services that provide this for you (akamai's geodns service for example), and some patches out there for Bind (i believe).

Thanks for the reply. I'm trying to use the views directive but they don't seem to work. Here is an excerpt of my current named.conf:

view "brazil" {
     match-clients { 201.17.105.0/24; };
     zone "brlink.org" {
           type master;
           file "/etc/bind/db.brlink.br";
     };
};

view "international" {
     match-clients { any; };
     zone "brlink.org" {
          type master;
          file "/etc/bind/db.brlink.int";
     };
};

I've used 201.17.105.0/24 only for testing porpuse because I own a server inside this block.

The results I'm getting are this: if in the named.conf the 'view brazil' is the first directive, all DNS requests, no matter where they came from, will be replied with db.brlink.br. If 'view international' is the first directive to be read in named.conf, any IP address will receive it's contents.

What am I missing ? How should I proceed ?

Thanks in advance

cactus · 2008-08-22 20:16:23

201.17.105.0/24;

try this instead

201.17.105/24;

Also.. tail the log (in arch bind dumps to /var/log/messages i believe) while you are starting and querying the nameserver.. see if the log tells you anything. You might have an error in one of your zone files or something.

xvalentinex · 2008-08-23 16:38:36

In your international view you should change this:

match-clients { any; };

to this:

match-clients { !201.17.105.0/24; any; };

Aside from that, everything looks accurate.

However, this doesn't really explain how any IP will still receive answers from the brazil view.

You could try the inverse of the above, although it shouldn't be necessary, and I don't even know if it's a valid configuration.

match-clients { 201.17.105.0/24; !any; };

Last edited by xvalentinex (2008-08-23 16:44:16)

Arch Linux

#1 2008-08-22 02:05:32

Different DNS replies depending on IP block

#2 2008-08-22 02:16:21

Re: Different DNS replies depending on IP block

#3 2008-08-22 02:23:30

Re: Different DNS replies depending on IP block

#4 2008-08-22 04:00:50

Re: Different DNS replies depending on IP block

#5 2008-08-22 04:08:33

Re: Different DNS replies depending on IP block

#6 2008-08-22 20:16:23

Re: Different DNS replies depending on IP block

#7 2008-08-23 16:38:36

Re: Different DNS replies depending on IP block

Board footer