Wednesday, January 14, 2015

bind - How do I set up a local DNS to forward from local domain to an external one?

Our client has a dev environment behind a firewall. They want us to be able to access resources in the dev environment, but don't want to grant us VPN access. Instead they have whitelisted an IP we control. On the machine at that IP address I've installed OpenVPN so that all our traffic to their dev machines will come from that one IP address. However, DNS is still failing, as their dev subdomain is not registered on nameservers outside the dev environment. So my plan is to have the VPN box also function as a DNS server.




Client has said we should CNAME from id.dev.client.com to id.client.edgekey.net to make DNS work. So I've installed bind9 on the same machine running openVPN and created the following files:



/etc/bind/named.conf.options



options {
    directory "/var/cache/bind";

    forwarders {
        185.121.177.177;
    };

    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};


/etc/bind/named.conf




include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";


/etc/bind/named.conf.local



zone "dev.client.com" {
    type master;
    file "/etc/bind/zones/dev.client.com";
};


/etc/bind/zones/dev.client.com



$TTL 38400
; The SOA and NS records must sit at the zone apex (dev.client.com.), not at a
; child name: BIND rejects a zone whose SOA is not at the top or that has no NS
; record, and a name that carries a CNAME may carry no other record.
dev.client.com.     IN      SOA     my.dns.server.com.  admin.example.com. (
    2019041103  ; serial
    28800       ; refresh
    3600        ; retry
    604800      ; expire
    38400       ; negative-cache TTL
)
dev.client.com.     IN      NS      my.dns.server.com.

; The alias the client asked for.
id.dev.client.com.  IN      CNAME   id.client.edgekey.net.
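Whether a zone file like this one loads at all can be checked before touching the resolver question. The following Python is an added example, not code from the question or from BIND: it parses the small subset of zone-file syntax used above ($TTL, a parenthesised SOA, single-line records with optional TTL and class) and reports the conditions BIND's loader refuses, namely an SOA that is not at the zone apex, no NS record at the apex, a CNAME whose owner name also carries other records, and a missing $TTL. Both inputs are constructed here: BROKEN_ZONE has the SOA on the child name id.dev.client.com., FIXED_ZONE has it at dev.client.com. with an NS record.

```python
"""Static checks for a BIND master zone file (added example, not BIND's own code).

Handles only the syntax subset used in the question: a $TTL directive, one
parenthesised multi-line SOA, and single-line records. Names are lower-cased
and relative names are completed with the zone origin.
"""
import re

# Constructed input: a zone shaped like the one posted, SOA on a child name.
BROKEN_ZONE = """\
id.dev.client.com.     IN      SOA     my.dns.server.com.  admin.example.com.(
2019041103
28800
3600
604800

38400
)

id.dev.client.com. IN CNAME id.client.edgekey.net.
"""

# Constructed input: the same data with $TTL, SOA and NS at the apex.
FIXED_ZONE = """\
$TTL 38400
dev.client.com.     IN SOA my.dns.server.com. admin.example.com. (
    2019041103 28800 3600 604800 38400 )
dev.client.com.     IN NS  my.dns.server.com.
id.dev.client.com.  IN CNAME id.client.edgekey.net.
"""


def parse_zone(text, origin):
    """Return (has_ttl_directive, records); each record is (owner, type, rdata)."""
    origin = origin.rstrip(".").lower() + "."
    # Fold "( ... )" continuations onto one line; surrounding spaces keep the
    # tokens apart even when "(" is glued to the previous field, as above.
    text = re.sub(r"\((.*?)\)", lambda m: " " + " ".join(m.group(1).split()) + " ", text, flags=re.S)
    has_ttl = False
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if not line:
            continue
        if line.upper().startswith("$TTL"):
            has_ttl = True
            continue
        tokens = line.split()
        owner = tokens.pop(0)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = owner.lower() + "." + origin
        else:
            owner = owner.lower()
        # Optional TTL (digits) and class may precede the record type.
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)
        if not tokens:
            raise ValueError(f"record without a type: {raw!r}")
        rtype = tokens.pop(0).upper()
        records.append((owner, rtype, " ".join(tokens)))
    return has_ttl, records


def check_zone(zone_name, text):
    """Return the problems BIND's loader would reject; an empty list means the zone loads."""
    apex = zone_name.rstrip(".").lower() + "."
    has_ttl, records = parse_zone(text, zone_name)
    problems = []
    if not has_ttl:
        problems.append("no $TTL directive")
    soa_owners = [o for o, t, _ in records if t == "SOA"]
    if soa_owners != [apex]:
        problems.append(f"SOA must appear exactly once at the apex {apex}, found at {soa_owners or 'nowhere'}")
    if not any(o == apex and t == "NS" for o, t, _ in records):
        problems.append(f"no NS record at the apex {apex}")
    # RFC 1034 section 3.6.2: a CNAME owner may carry no other record types.
    for owner in sorted({o for o, t, _ in records if t == "CNAME"}):
        others = sorted({t for o, t, _ in records if o == owner and t != "CNAME"})
        if others:
            problems.append(f"CNAME at {owner} coexists with {', '.join(others)}")
    return problems


if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(label, check_zone("dev.client.com", zone) or "loads cleanly")
```

The real check on the server is `named-checkzone dev.client.com /etc/bind/zones/dev.client.com`, which applies the same rules and more; the script above is only a way to see why each rule fires on the posted layout. Note that it says nothing about the second half of the question: a zone that loads is still invisible to a host whose stub resolver at 127.0.0.53 is not configured to ask the local named.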




If I SSH into the VPN box and do an nslookup, specifying the box's own name as the nameserver, this appears to produce the desired result.
nslookup id.dev.client.com my.dns.server.com produces the following:




Server:     my.dns.server.com
Address: 123.45.67.10#53

id.dev.client.com canonical name = id.client.edgekey.net.
id.client.edgekey.net canonical name = e5555.x.akamaiedge.net.
Name: e5555.x.akamaiedge.net
Address: 55.55.55.55



However, if I don't specify the nameserver and just run nslookup id.dev.client.com I get the result:



Server:     127.0.0.53
Address: 127.0.0.53#53

** server can't find id.dev.client.com: NXDOMAIN


and attempts to curl sites in the dev environment fail.




I've allowed incoming and outgoing traffic on port 53, and added the machine's own IP to the nameservers section of the netplan configuration, so it should be using itself for DNS, right? What else do I need to do to make DNS function correctly on this machine?
