ISC-DHCPD & BIND9: Dynamic DNS interaction

I am running isc-dhcpd-4.4.1 and BIND 9.11.6 servers on FreeBSD 11.2 for a small company.

DHCPD serves a number of Windows stations (assigning them mostly static IP addresses), several special-purpose devices (getting static public IP addresses – they must be reachable by our clients) and also various portable devices connecting to the network through WiFi (which get addresses from a predefined range 192.168.120.50-192.168.120.200). The dynamically assigned clients get registered by the BIND named and their names are available for both forward and reverse DNS resolution. As the lease time for portable devices is short, they are automatically removed from DNS whenever they cease communicating.

So far, this arrangement works perfectly.

Now my questions:

  1. Is it possible to force DNS registration/removal for some specific portable devices that are expected to always get the same (statically defined) address? If so, how do I configure it?
  2. Some portable devices ask for a lease with host names that do not conform to the standards (e.g., the hostname contains ‘_’), which results in a DNS registration refusal. Is there any way to correct the registration names with a “filter” (e.g., a sed script)?
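As an added illustration of the second question (this is not code from the post or from ISC dhcpd/BIND), the function below models the RFC 952/1123 host-name rule that BIND's default check-names policy enforces on A/PTR owner names, which is what rejects a name containing ‘_’, and shows the kind of "filter" that could rewrite a client-supplied name into an acceptable one before the DDNS update is sent. The domain, the fallback name and the sanitising rules are assumptions of the example.

```python
# Added example, not from the post: model of the host-name rule BIND's default
# check-names policy applies to A/PTR owner names (RFC 952/1123: letters,
# digits and hyphens, no leading/trailing hyphen, labels of 1-63 characters,
# whole name at most 253 characters). A DHCP client name that fails this rule
# is refused at DDNS-update time, which is the refusal the post describes.
# sanitize_ddns_name() is an assumed "filter" mapping such a name onto a
# compliant one; the rewriting rules and the fallback are choices, not a
# dhcpd feature.
import re

LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def is_valid_hostname(name: str) -> bool:
    """True if every label of `name` satisfies the RFC 1123 host-name rule."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))


def sanitize_ddns_name(client_name: str, domain: str, fallback: str) -> str:
    """Turn a DHCP client hostname into a FQDN that BIND will accept.

    Underscores and other illegal characters become hyphens, runs of hyphens
    collapse, leading/trailing hyphens are stripped and the label is cut to
    63 characters. If nothing usable remains, `fallback` (e.g. a name derived
    from the client's MAC address) is used instead.
    """
    label = client_name.split(".")[0].lower()      # DDNS registers the first label only
    label = re.sub(r"[^a-z0-9-]", "-", label)      # '_' and anything else illegal -> '-'
    label = re.sub(r"-{2,}", "-", label).strip("-")[:63]
    if not label:
        label = fallback
    fqdn = f"{label}.{domain}"
    assert is_valid_hostname(fqdn), fqdn           # the filter must never emit a bad name
    return fqdn
```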

BIND9 SERVFAIL using dig on UBUNTU server 18

I am setting up a nextcloud+onlyoffice server on Ubuntu Server 18 and a LAN DNS for my office to go with it. I’m not a real IT guy, but I follow tutorials and read forums. Also, being in China I don’t have Google and most of my searches find irrelevant answers… I still saw many people had an error similar to mine, but no solution worked for me. I’m sure it’s a stupid, obvious mistake, but since I’m not familiar with the BIND9 syntax, I just don’t see it… Here is my named.conf.local:

    zone "plateforme.local" IN {
        type master;
        file "/etc/bind/zones/db.plateforme.local";
        //allow-transfer{211.66.139.29;};
        allow-update { none; };
        allow-query { any; };
    };

    zone "139.66.211.in-addr-arpa" IN {
        type master;
        file "/etc/bind/zones/db.rev.plateforme.local";
        allow-update {none;};
    };

My db.plateforme.local:

    ;
    ; BIND data file for local loopback interface
    ;
    $TTL    604800
    @   IN  SOA ns.plateforme.local. root.plateforme.local. (
                          33    ; Serial
                      604800    ; Refresh
                       86400    ; Retry
                     2419200    ; Expire
                      604800 )  ; Negative Cache TTL
    ;
    ; name servers - NS info
            NS  ns.plateforme.local.
    ; name servers - address
    ns  IN  A   211.66.139.29
    ; name servers - A records
    nextcloud   IN  A   211.66.139.29
    onlyoffice  IN  A   211.66.139.29

Here is db.rev.plateforme.local:

    ;
    ; BIND reverse data file for local loopback interface
    ;
    $TTL    604800
    @   IN  SOA ns.plateforme.local. root.plateforme.local. (
                          17    ; Serial
                      604800    ; Refresh
                       86400    ; Retry
                     2419200    ; Expire
                      604800 )  ; Negative Cache TTL
    ;
    ; name servers - NS info
        IN  NS  ns.plateforme.local.
        IN  NS  localhost.
    ; name servers - address
    29  IN  NS  ns.plateforme.local.
    29  IN  PTR nextcloud.plateforme.
    29  IN  PTR onlyoffice.plateforme.local.

Here is the result of dig nextcloud.plateforme.local:

    nextcloud@nextcloud-server:/etc/bind/zones$ dig nextcloud.plateforme.local.

    ; <<>> DiG 9.11.4-3ubuntu5.1-Ubuntu <<>> nextcloud.plateforme.local.
    ;; global options: +cmd
    ;; Got answer:
    ;; WARNING: .local is reserved for Multicast DNS
    ;; You are currently testing what happens when an mDNS query is leaked to DNS
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42787
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 65494
    ;; QUESTION SECTION:
    ;nextcloud.plateforme.local.    IN  A

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.53#53(127.0.0.53)
    ;; WHEN: mar. mars 12 10:25:52 HKT 2019
    ;; MSG SIZE  rcvd: 55

And the reverse dig (dig -x 211.66.139.29), which surprisingly works:

    nextcloud@nextcloud-server:/etc/bind/zones$ dig -x 211.66.139.29

    ; <<>> DiG 9.11.4-3ubuntu5.1-Ubuntu <<>> -x 211.66.139.29
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63404
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 65494
    ;; QUESTION SECTION:
    ;29.139.66.211.in-addr.arpa.    IN  PTR

    ;; ANSWER SECTION:
    29.139.66.211.in-addr.arpa. 0   IN  PTR nextcloud-server.
    29.139.66.211.in-addr.arpa. 0   IN  PTR nextcloud-server.local.

    ;; Query time: 120 msec
    ;; SERVER: 127.0.0.53#53(127.0.0.53)
    ;; WHEN: mar. mars 12 10:39:53 HKT 2019
    ;; MSG SIZE  rcvd: 121

I’d be very thankful if someone could help… I’m setting up this server for our team of 16 teachers because I had some computer science training over a decade ago, because we need such a server, and because the offer in mainland China is limited and abroad out of reach… but I do it in addition to my duties as a teacher and it is draining my free time. I would greatly appreciate the help and advice of experts. Thank you in advance for your time!

bind9 resolve ip.example.com to ip

The company has changed to Zscaler Private Access, and now connections to an IP address are no longer working.

What is working is a hostname, as it gets translated to 100.64.x.y and then routed to the drop-off in the datacenter.

My question now: is there a way to tell BIND to resolve something like 10.1.1.1.ip.domain.com to 10.1.1.1 without adding 16M records? Something like “* IN A *” is not working.

Thanks
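The mapping asked for above, as an added example that is not code from the post or from BIND: BIND has no synthesising "* IN A *" rule, so the name-to-address logic has to live in a small custom authoritative backend or a script that feeds one. The function below is that logic, with the base domain ip.domain.com and the permitted network 10.0.0.0/8 as assumptions; it deliberately answers only for addresses inside the permitted range, because a zone that mints a name for any address would otherwise let anyone point a trusted-looking name at an arbitrary host.

```python
# Added example, not from the post: name-to-address synthesis for a zone like
# ip.domain.com, instead of 16M static A records. BASE_DOMAIN and ALLOWED_NETS
# are assumptions. Security caveat handled here: only addresses inside
# ALLOWED_NETS are synthesised; everything else returns None (answer NXDOMAIN),
# so the zone cannot be used to hang names on hosts outside the intended range.
import ipaddress
from typing import Optional

BASE_DOMAIN = "ip.domain.com"                          # assumed zone
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]    # assumed permitted range


def synthesize_a(qname: str) -> Optional[str]:
    """Map '10.1.1.1.ip.domain.com' (or 'foo.10.1.1.1.ip.domain.com') to '10.1.1.1'.

    Returns the dotted quad to put in the A record, or None when the query
    name is not under BASE_DOMAIN, does not carry four valid octet labels, or
    names an address outside ALLOWED_NETS.
    """
    labels = qname.lower().rstrip(".").split(".")
    base = BASE_DOMAIN.split(".")
    if labels[-len(base):] != base:
        return None                                    # not under our zone
    head = labels[:-len(base)]
    if len(head) < 4:
        return None                                    # fewer than four octet labels
    octets = head[-4:]                                 # the four labels just before the base
    # Strict dotted quad: plain decimal, no leading zeros, each octet 0..255.
    if not all(o.isdigit() and str(int(o)) == o and int(o) <= 255 for o in octets):
        return None
    addr = ipaddress.ip_address(".".join(octets))
    if not any(addr in net for net in ALLOWED_NETS):
        return None                                    # outside the permitted range
    return str(addr)
```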

DNS Spoofing Bind9 DNS Server

I configured Ubuntu Server 18.04 as a master DNS server. Zone ==> google.com

    ;
    ; BIND data file for local loopback interface
    ;
    $TTL    12h
    @   IN  SOA ns1.google.com. root.google.com. (
                           2    ; Serial
                      604800    ; Refresh
                       86400    ; Retry
                     2419200    ; Expire
                      604800 )  ; Negative Cache TTL
    ;
    @     IN    NS  ns1.google.com.
    ns1   IN    A   193.168.10.1
    www   IN    A   <fake IP>
    mail  IN    A   <fake IP>

I configured a client to use this server as its DNS server.

When I enter mail.google.com in the client’s browser, I get an SSL error. How does the browser understand this issue? The client’s browser is up to date.

How do I modify DNS-posts/zones in Bind9 on a Samba4-server (Zentyal?)

I’m running a Zentyal Samba4 server as a DNS server as well as an Active Directory domain controller. I’ve been having some issues lately with DNS. There are 2 ways that I know of to update DNS on that server, either via the Zentyal GUI, or by launching Windows’ DNS management tool (runas /netonly /user:domain.com\Administrator cmd.exe). I’ve noticed that only the latter actually works, and that modifying and creating DNS-posts via Zentyal’s GUI has no effect whatsoever (I have tried looking at the logs at /var/log/samba/* and /var/log/zentyal/*, but to no avail).

When I check what is going on in /etc/bind/named.conf.local (as Zentyal uses BIND9), I see the following:

    // Generated by Zentyal

    acl "trusted" {
        localhost;
        localnets;
    };

    acl "internal-local-nets" {
        10.16.10.0/22;
    };

    dlz "AD DNS Zone" {
        database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
    };

Which leads me to believe that DNS is being managed by a binary file/application.

Now, the big question is: suppose I would like to make updates on the DNS server from a non-Windows computer, how do I do that? I’ve been trying to look for the appropriate CLI commands, but I haven’t found anything. Surely there is a way to do that from within the server?

Any insights would be very appreciated!