BIND9 DNS queries across subnets?

onlinegeek101
I am trying to set up a BIND 9 DNS server. I currently can make it so that I will serve anyone who is in the direct subnet of the server. Example: 192.168.0.2 is my DNS server. If I make a DNS call from the machine hosting the server, it resolves fine. But if I had a machine at 192.167.2.4 and I wanted it to be able to query the server as well, how do I manage this? The address of the machines accessing the server can vary in any of the bottom 3 octets, so I can't just declare zones for each. Thanks for any help in advance.
  •
    1 Votes
    yasser_khan

    Do you have the proper ports opened (53) through your firewall across these different subnets? We have our DNS servers on their own subnet in a separate DMZ. Our webservers are in a different subnet altogether and our office servers are in a third zone. We have to have rules within our firewall allowing traffic to pass through on the DNS port across them to get the names resolved.

    Also, you may want to look at the BIND concept of creating views if you want to hit the server internally to get the internal IP name resolution but want the DNS to reply with an external or (different) IP if the query is coming from a different network.

    0 Votes
    onlinegeek101

    It is still within the overall subnet of the company. It is just at a different address location, i.e. 192.168.2. instead of 192.168.3. I don't know how this comes into play. I don't think it's a port issue because I get a response of refused from the DNS server. I think it's more a BIND configuration issue. You map the incoming request based on the IP of the person requesting, I believe, and I think currently this is restricted to people whose first 3 octets match. Any ideas?

    1 Votes
    yasser_khan

    Do you by any chance have an acl within your named.conf file that is restricting responses to the incoming query? For example:

    acl "allowip" {10.0.1/24; 10.2.1/24; 10.3.1/24; 10.5.1/24; 10.0.10/24; 10.7.1/24; 192.168/16; 127/8; 172/8; };

    This will restrict replies to only those requests that are generated from within these allowed subnet ranges.

    0 Votes
    onlinegeek101

    Nope nothing like that.
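As an added illustration of the point made in this thread (not configuration posted by either participant), here are two named.conf fragments: the narrow query policy that produces exactly the "refused" symptom described, and a corrected version that admits the whole internal range through a view, which also shows the views idea raised earlier. Addresses follow the thread's 192.168.x.x example; the ACL, view and zone names are assumptions, and only one of the two fragments belongs in a real file.

```conf
// Added example: reproduce, then fix, REFUSED for clients outside the
// server's own /24. Names "corp", "internal", "external" and
// "example.internal" are assumed; use fragment 1 OR fragment 2, not both.

// ---- 1. Narrow policy that produces the symptom -------------------------
// "localnets" is a built-in BIND ACL matching only subnets directly attached
// to the server, so 192.168.2.4 is refused while 192.168.0.x is served.
acl "corp" { localnets; localhost; };

options {
    allow-query     { "corp"; };
    allow-recursion { "corp"; };
};

// ---- 2. Corrected policy using a view -----------------------------------
// The clients' lower three octets vary, so summarize the whole internal
// range instead of listing each /24. Recursion stays restricted to that
// range: a server that recurses for arbitrary sources is an open resolver
// and can be abused for reflection/amplification.
acl "corp" { 192.168.0.0/16; localhost; };

view "internal" {
    match-clients { "corp"; };
    recursion yes;
    allow-query     { "corp"; };
    allow-recursion { "corp"; };
    zone "example.internal" {        // hypothetical zone, internal addresses
        type master;
        file "internal/example.internal.db";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                    // authoritative answers only, never recurse
    allow-query { any; };
    zone "example.internal" {        // same zone, external/different addresses
        type master;
        file "external/example.internal.db";
    };
};

// Check: `named-checkconf` validates the syntax; from a client such as
// 192.168.2.4, `dig @192.168.0.2 host.example.internal` should now report
// "status: NOERROR" instead of "status: REFUSED".
```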
