[Help] Need separate DNS results based on the network

Hello,

I am having issues creating the following:

I need to have DNS resolve a different IP depending on whether someone is on our internal network or external network.

For example, on the internal network I would need example.com (or just example) to resolve as 0.0.0.1, but externally, example.com should resolve to 0.0.0.2 (obviously these are not the real IPs or Domains). This is because we have two network interfaces on the servers, one which handles internal traffic and one which handles external - which have different permissions, open ports, etc.

We have it currently so that externally the domain name goes to the proper external address. Internally, however, it still tries to resolve to the external address, which causes it to drop the connection.

Is there any way to have DNS return different IP addresses based on if the request is coming from a certain subnet?

Pure bind9 can be configured to do so. You can use so called “views” which you can use to configure bind to deliver different configurations based on requester-network. See here.

With Univention UCS this feature of bind9 is not implemented so far. That means there is no way to configure bind through the web interface to do as you wish.

But by using the local.* files under /etc/bind you should be able to configure your bind as you like. You have to configure a separate zone and assign the views. See the link above for further details on how to do so. The local.* files will be included by bind when it starts up (depending on your ucr variable dns/backend).

I have not tried this yet, though.

/KNEBB
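The view-based setup described in the reply above, as an added example that is not part of the original thread and not from Univention or the bind9 project. It assumes bind9 includes a local file such as /etc/bind/local.conf (the exact file name on UCS is an assumption; check which local.* file your named.conf includes), that the internal network is 10.0.0.0/8 (assumed), and it uses the RFC 5737 documentation addresses 192.0.2.10 and 192.0.2.20 as constructed stand-ins for the internal and external server addresses. Views are matched top to bottom and the first matching `match-clients` wins, so the internal view must come first. Once any zone is placed inside a view, bind9 requires every zone (including the root hints and localhost zones) to be inside a view, which is why the example repeats the standard zones in both views.

```conf
// /etc/bind/local.conf (file name assumed; use the local.* file bind actually includes)

// Clients that should see the internal address (constructed example range).
acl "internal-net" {
    127.0.0.0/8;
    10.0.0.0/8;
};

// First view: internal clients. Recursion is fine here because only
// addresses in the ACL reach it.
view "internal" {
    match-clients { internal-net; };
    recursion yes;

    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.internal";
    };

    // Standard zones must be repeated inside every view.
    zone "." { type hint; file "/usr/share/dns/root.hints"; };
    zone "localhost" { type master; file "/etc/bind/db.local"; };
};

// Second view: everyone else. Recursion is disabled so the server does
// not become an open resolver for the outside world.
view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.external";
    };

    zone "." { type hint; file "/usr/share/dns/root.hints"; };
    zone "localhost" { type master; file "/etc/bind/db.local"; };
};

// --- /etc/bind/db.example.com.internal (constructed zone file) ---
// $TTL 3600
// @   IN SOA  ns1.example.com. hostmaster.example.com. (
//             2024010101 3600 900 1209600 300 )
//     IN NS   ns1.example.com.
// ns1 IN A    192.0.2.10   ; internal interface (placeholder)
// @   IN A    192.0.2.10   ; example.com resolves here for internal clients
//
// --- /etc/bind/db.example.com.external (constructed zone file) ---
// $TTL 3600
// @   IN SOA  ns1.example.com. hostmaster.example.com. (
//             2024010101 3600 900 1209600 300 )
//     IN NS   ns1.example.com.
// ns1 IN A    192.0.2.20   ; external interface (placeholder)
// @   IN A    192.0.2.20   ; example.com resolves here for external clients
```

After editing, validate the configuration with `named-checkconf` and each zone file with `named-checkzone example.com <file>` before reloading bind, then confirm the split from one host in each network with `dig @<server> example.com A`. Keep the two zone serials in step when you change records so that any secondary servers pick up both versions. Because all zones must live inside views, check that the zones UCS generates elsewhere in named.conf do not end up outside a view, or bind will refuse to start.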
