
Wildcard SRV record?


Stephen Pape

Oct 31, 2016, 12:35:58 PM
to bind-...@lists.isc.org
Hello all,

I have bind configured with a single TLD (.foo), and inside that are
records for a large number of subdomains (machine1.a.foo,
machine2.a.foo, machine1.b.foo, machine2.b.foo, etc.). DHCP clients
are assigned a domain based on some factors, but it might be a.foo,
b.foo, c.foo, etc.

I'm trying to add a SRV record for everyone under .foo. I've tried:

_vlmcs._tcp.*.foo. IN SRV 0 0 1688 ais-dc01.ainfosec.com.

... but it seems that wildcards don't work that way. I've tried
something similar with CNAMEs, but that didn't work either.

What DOES work is adding a CNAME record for each and every domain that
I need. So a CNAME for _vlmcs._tcp.a.foo, _vlmcs._tcp.b.foo, etc.

Is there a better way for me to do this, or do I have to generate a
whole lot of specific CNAME records?

Thanks!

-Stephen

Matthew Pounsett

Oct 31, 2016, 12:45:22 PM
to Stephen Pape, Bind Users
On 31 October 2016 at 12:35, Stephen Pape <srp...@gmail.com> wrote:
Is there a better way for me to do this, or do I have to generate a
whole lot of specific CNAME records?

If your subdomains follow a predictable pattern, then this seems like a prime use of the $GENERATE statement.  You could either use it to generate the CNAMEs, or directly generate the SRV records themselves.


Stephen Pape

Oct 31, 2016, 12:55:29 PM
to Matthew Pounsett, Bind Users
Thanks, but the names aren't predictable; they're usernames. I could
script something with nsupdate, if necessary, but I'd rather have a
simple record than have scripting/cron.

Eldridge, Rod A [ITNET]

Oct 31, 2016, 1:08:46 PM
to Stephen Pape, Eldridge, Rod A [ITNET], bind-...@lists.isc.org

Wouldn't you just need this one SRV record:

_vlmcs._tcp.foo IN SRV 0 0 1688 ais-dc01.ainfosec.com.

[ see https://blogs.technet.microsoft.com/odsupport/2011/11/14/how-to-discover-office-and-windows-kms-hosts-via-dns-and-remove-unauthorized-instances/ ]


--
Rod Eldridge
Networks & Communications
IT Services, Iowa State University of Science and Technology



> On Oct 31, 2016, at 11:35 AM, Stephen Pape <srp...@gmail.com> wrote:
>
> Hello all,
>
> I have bind configured with a single TLD (.foo), and inside that are
> records for a large number of subdomains (machine1.a.foo,
> machine2.a.foo, machine1.b.foo, machine2.b.foo, etc.). DHCP clients
> are assigned a domain based on some factors, but it might be a.foo,
> b.foo, c.foo, etc.
>
> I'm trying to add a SRV record for everyone under .foo. I've tried:
>
> _vlmcs._tcp.*.foo. IN SRV 0 0 1688 ais-dc01.ainfosec.com.
>
> ... but it seems that wildcards don't work that way. I've tried
> something similar with CNAMEs, but that didn't work either.
>
> What DOES work is adding a CNAME record for each and every domain that
> I need. So a CNAME for _vlmcs._tcp.a.foo, _vlmcs._tcp.b.foo, etc.
>
> Is there a better way for me to do this, or do I have to generate a
> whole lot of specific CNAME records?
>
> Thanks!
>
> -Stephen

Stephen Pape

Oct 31, 2016, 1:15:06 PM
to Eldridge, Rod A [ITNET], bind-...@lists.isc.org
That doesn't work for me. When machine1.domain1.foo tries to look up
the SRV record, it queries for _vlmcs._tcp.domain1.foo. Bind doesn't
have that record, so it doesn't work.

Darcy Kevin (FCA)

Oct 31, 2016, 2:21:57 PM
to bind-...@lists.isc.org
Correct, wildcards don't work that way; in fact, it would be more accurate to say that _vlmcs._tcp.*.foo. isn't a wildcard at all (it's just a DNS name that happens to have an asterisk as one of its labels). See RFC 4592.

- Kevin
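The RFC 4592 rule Kevin is pointing at, worked through in code. This is an added example for this thread, not BIND code and not from any poster: it implements the "closest encloser" and "source of synthesis" steps of wildcard matching for a constructed zone `foo` whose owner names are listed in `ZONE_NAMES` (the function names and the zone contents are assumptions made for the example). It shows that a query for `_vlmcs._tcp.a.foo` could only ever be synthesized from `*.a.foo`, never from `_vlmcs._tcp.*.foo` (a literal name) and, because `a.foo` already exists as an empty non-terminal above `machine1.a.foo`, not from `*.foo` either.

```shell
#!/bin/sh
# RFC 4592 wildcard matching, reduced to the rule that decides this thread:
# a wildcard only ever synthesizes answers from "*.<closest encloser>".
# Added example for this thread, not BIND code; ZONE_NAMES is constructed.
set -f   # no pathname expansion: owner names below contain "*"

# Owner names present in zone "foo" (constructed). Ancestors of these, such
# as "a.foo", exist as empty non-terminals even with no records of their own.
ZONE_NAMES="foo machine1.a.foo machine2.a.foo machine1.b.foo _vlmcs._tcp.*.foo"

# name_exists NAME: NAME is an owner name or an ancestor of one.
name_exists() {
    for _owner in $ZONE_NAMES; do
        case "$_owner" in
            "$1"|*".$1") return 0 ;;
        esac
    done
    return 1
}

# closest_encloser QNAME: the longest existing ancestor-or-self of QNAME
# (RFC 4592 section 3.3.1), found by stripping leftmost labels.
closest_encloser() {
    _q="$1"
    while [ -n "$_q" ]; do
        if name_exists "$_q"; then printf '%s\n' "$_q"; return 0; fi
        case "$_q" in
            *.*) _q="${_q#*.}" ;;
            *)   _q="" ;;
        esac
    done
    return 1
}

# source_of_synthesis QNAME: the only wildcard owner name that could answer
# QNAME ("*." prepended to the closest encloser). Fails if QNAME itself
# exists, because an existing name is never answered by a wildcard.
source_of_synthesis() {
    name_exists "$1" && return 1
    _ce=$(closest_encloser "$1") || return 1
    printf '*.%s\n' "$_ce"
}

# wildcard_answers WILDCARD QNAME: true if a record owned by WILDCARD would
# be used to synthesize the answer for QNAME.
wildcard_answers() {
    [ "$(source_of_synthesis "$2")" = "$1" ]
}

# Stand-alone demonstration: which wildcard, if any, could serve each query.
for _q in _vlmcs._tcp.a.foo _vlmcs._tcp.newuser.foo; do
    printf '%-28s synthesized only from %s\n' "$_q" "$(source_of_synthesis "$_q")"
done
```

The practical consequence for the original question: a single `*.foo` SRV would only help for domains that have no other records at all, and as soon as `machine1.a.foo` is registered, `a.foo` becomes an existing (empty non-terminal) name and `*.foo` stops matching anything under it.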

Mark Andrews

Oct 31, 2016, 6:05:09 PM
to Stephen Pape, Eldridge, Rod A [ITNET], bind-...@isc.org

In message <CADdUxCw0VkFMM=ngsjzr-mZrBdAub_81...@mail.gmail.com>, Stephen Pape writes:
> That doesn't work for me. When machine1.domain1.foo tries to look up
> the SRV record, it queries for _vlmcs._tcp.domain1.foo. Bind doesn't
> have that record, so it doesn't work.

Well add it.

If you need change control independent of domain1.foo then get
_vlmcs._tcp.domain1.foo delegated to you and set up a zone rather
like this.

_vlmcs._tcp.domain1.foo. 3600 SOA ...
_vlmcs._tcp.domain1.foo. 3600 NS ...
_vlmcs._tcp.domain1.foo. 3600 NS ...
_vlmcs._tcp.domain1.foo. 3600 SRV ...

or set up dynamic update with the right permission and use nsupdate
to modify the records using SIG(0).

_vlmcs._tcp.domain1.foo. 3600 KEY ...

update-policy {
grant * self * SRV KEY;
};

Which allows someone with the matching private key to update the
SRV and KEY records for records with names which match the KEY's
name.

update-policy {
grant * selfsub *;
};

This allows a host, once a KEY record is added, to update its address
records and add SRV and other records below itself using SIG(0).

If you put a key record at the zone apex you can use that to add
KEY records for each of the hosts to let them control their own DNS
presence.

Mark

> On Mon, Oct 31, 2016 at 1:08 PM, Eldridge, Rod A [ITNET]
> <r...@iastate.edu> wrote:
> >
> > Wouldn't you just need this one SRV record:
> >
> > _vlmcs._tcp.foo IN SRV 0 0 1688 ais-dc01.ainfosec.com.
> >
> > [ see https://blogs.technet.microsoft.com/odsupport/2011/11/14/how-to-discover-office-and-windows-kms-hosts-via-dns-and-remove-unauthorized-instances/ ]
> >
> >
> > --
> > Rod Eldridge
> > Networks & Communications
> > IT Services, Iowa State University of Science and Technology
> >
> >
> >
> >> On Oct 31, 2016, at 11:35 AM, Stephen Pape <srp...@gmail.com> wrote:
> >>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Stephen Pape

Oct 31, 2016, 10:31:55 PM
to Mark Andrews, Eldridge, Rod A [ITNET], bind-...@isc.org
Yeah, as I said in one of the other emails, I can script something
with nsupdate if necessary. I was just hoping there was a way to add a
simple record that'd take care of it all, but now I understand that
wildcards don't really work that way, so I've scripted something.

I don't have separate zones for each of the domains; rather there's a
single top level "foo" zone. A and PTR records are added via
DHCP/rndc, and DHCP assigns "username.foo" domain names.

My approach feels a bit "hackish" to me. Now I have several hundred
CNAME records in the .foo zone, all pointing to the same SRV record.
I'll have to deal with removing old records as users are removed, and
I'll have to make sure the script runs reliably, but it works.

I appreciate the help, anyway!

-Stephen
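One way to do the nsupdate reconciliation Stephen describes, including the stale-record cleanup he mentions. This is an added example for this thread, not the poster's script: it parses a `dig AXFR`-style dump of the `foo` zone to learn which per-user `_vlmcs._tcp.<user>.foo.` SRV records already exist, diffs that against the wanted user list, and emits a single nsupdate batch that deletes records for departed users and adds them for new ones. It emits SRV records directly rather than the CNAMEs the poster used. The zone name, TTL, key-file path, sample zone dump and function names are assumptions made for the example; the KMS target and port are the ones from the thread.

```shell
#!/bin/sh
# Reconcile _vlmcs._tcp.<user>.foo SRV records against the current user list
# and emit one nsupdate batch. Added example for this thread, not the poster's
# script. Assumptions: zone "foo", the KMS host and port from the thread,
# TTL 3600, and "dig AXFR"-style zone dumps as input. SAMPLE_AXFR is constructed.
set -f   # user lists are split on whitespace below; never glob them

ZONE="foo"
KMS_TARGET="ais-dc01.ainfosec.com."
TTL=3600

# srv_owner USER: owner name of the KMS SRV record for USER's domain.
srv_owner() { printf '_vlmcs._tcp.%s.%s.' "$1" "$ZONE"; }

# in_list WORD LIST: true if WORD is one of the whitespace-separated LIST.
in_list() {
    for _w in $2; do [ "$_w" = "$1" ] && return 0; done
    return 1
}

# users_from_zone_dump: read zone-dump lines on stdin, print the <user> label
# of every _vlmcs._tcp.<user>.foo. SRV owner, one per line. The apex record
# _vlmcs._tcp.foo. (no user label) is deliberately not matched.
users_from_zone_dump() {
    while read -r _owner _ttl _class _type _rdata; do
        [ "$_type" = "SRV" ] || continue
        case "$_owner" in
            _vlmcs._tcp.*."$ZONE".)
                _u="${_owner#_vlmcs._tcp.}"
                printf '%s\n' "${_u%.$ZONE.}" ;;
        esac
    done
}

# build_batch WANTED CURRENT: print an nsupdate batch that deletes the SRV for
# users in CURRENT but not WANTED and adds one for users in WANTED but not
# CURRENT. A single "send" at the end makes the whole run one atomic update.
build_batch() {
    printf 'zone %s.\n' "$ZONE"
    for _u in $2; do
        in_list "$_u" "$1" || printf 'update delete %s IN SRV\n' "$(srv_owner "$_u")"
    done
    for _u in $1; do
        in_list "$_u" "$2" || printf 'update add %s %s IN SRV 0 0 1688 %s\n' \
            "$(srv_owner "$_u")" "$TTL" "$KMS_TARGET"
    done
    printf 'send\n'
}

# Constructed zone dump, in the layout "dig @ns foo. AXFR" prints.
SAMPLE_AXFR='foo.                    3600 IN SOA ns1.foo. hostmaster.foo. 2016103101 3600 900 604800 300
foo.                    3600 IN NS  ns1.foo.
machine1.alice.foo.     3600 IN A   10.0.0.11
_vlmcs._tcp.alice.foo.  3600 IN SRV 0 0 1688 ais-dc01.ainfosec.com.
_vlmcs._tcp.dave.foo.   3600 IN SRV 0 0 1688 ais-dc01.ainfosec.com.
_vlmcs._tcp.foo.        3600 IN SRV 0 0 1688 ais-dc01.ainfosec.com.'

# Stand-alone run: alice stays, dave is gone, bob and carol are new.
# In production WANTED comes from the user directory, CURRENT from a real
# AXFR, and the output is piped into: nsupdate -k /etc/bind/keys/kms-update.key
CURRENT=$(printf '%s\n' "$SAMPLE_AXFR" | users_from_zone_dump | tr '\n' ' ')
build_batch "alice bob carol" "$CURRENT"
```

Because the batch is built from a diff of the zone's actual contents, a run that crashes half-way leaves nothing partially applied (the server only commits on `send`), and the next run picks up whatever is still missing; the TSIG key named in the comment should be restricted with an `update-policy` that grants it nothing beyond SRV records under `_vlmcs._tcp` names.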