Providing different DNS records (spoofed or not) depending on the client with Bind9

I did some major changes to my local server Bind9 setup. I was at the begin caching apt and steam depots on this server using dnsspoof from dsniff. After a few upgrades dnsspoof started to do nothing: it was up, on the proper device, noticing requests relevant to be spoofed but the end clients were still getting the real DNS records, not the spoofed ones.

So, I eventually decided to use directly Bind9, already up as a cache server, to do the spoofing.

Good, except that then nginx, running on the same server as Bind9, then required another resolver than Bind9 in order to get the real DNS records, since Bind9 was replying spoofed crap.

Bind9 is fully featured and I found that the easier way to get it do gives tailored replies depending on the clients is to use the views. But using views implies that every zones are included into views. You cannot just add a “view” for a given purpose and let your general setup.

A setup that should work more or less out of the box is provided with my packages -utils-cache-steam and -utils-cache-apt.

Using this, you must edit your /etc/bind/named.conf so it no longer directly include zones definition files but include the /etc/bind/named.conf.views that in turn will include relevant zones. Clients are set in /etc/bind/named.conf.acl and by default handle 192.168.1.1, 10.0.0.1 and 10.0.1.0 as server host (the two later are being used in my silent low energy consumption home server proposed setup).

It includes /etc/bind/named.conf.cache.sh that will (re-)generate zones definition files (named.conf.cache…) depending on the services you are actually caching.

This could probably be improved (annoying to make differences between 192.168, 10.0.0 and 10.0.1…) but it works fine. You can test by pinging packages.devuan.org from the server (loopback) or any clients.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s