[SOLVED] How to configure local DNS to route *.abc.xyz to one host?

Hi,

I have a server with several docker services running. All of them are reachable through e.g. mail.abc.xyz, note.abc.xyz, etc. The external DNS uses this “zone” abc.xyz to assign the IP, as far as I understand.

Forwarding and all works great from the outside, but inside the LAN I cannot reach the server and the services with the external address. How can I make either a Lua script for knot or other config changes to make sure *.abc.xyz is always routed to the server?

I want to avoid configuring each subservice by hand:
mail.abc.xyz 192.168.1.3
note.abc.xyz 192.168.1.3
www.abc.xyz 192.168.1.3

*.abc.xyz 192.168.1.3 is not allowed.

This is quite a FAQ. I recommend How to access lan ressources from guest network

EDIT: note that lines in hosts-like files have syntax “IP NAME” and not the other way.

No, I solved the problem stated there already.

I want to find a solution which saves me the work to write each line in the hosts file for each (dynamic) service on the server.

The “*” is important here ==>> *.abc.xyz

Right, I missed the “avoid” word somehow :)

A few lines in config can do that. It’s not too well documented how to write such snippets, unfortunately, at least not all parts, but one can just imitate similar use cases in policy.lua.

local ffi = require('ffi')  -- LuaJIT FFI, needed for kr_pkt_make_auth_header below

-- Synthesize an A record for every name matched by the policy filter at the bottom.
local function genRR (state, req)
	local answer = req.answer
	local qry = req:current()
	-- Only A queries are answered here; any other type continues to resolve normally.
	if qry.stype ~= kres.type.A then
		return state
	end
	ffi.C.kr_pkt_make_auth_header(answer)  -- mark the packet as an authoritative answer
	answer:rcode(kres.rcode.NOERROR)
	answer:begin(kres.section.ANSWER)
	-- owner name, TTL in seconds, class, type, rdata (192.168.1.3 as four raw bytes)
	answer:put(qry.sname, 900, answer:qclass(), kres.type.A, '\192\168\1\3')
	return kres.DONE
end

-- Run genRR for abc.xyz. and every name below it.
policy.add(policy.suffix(genRR, { todname('abc.xyz.') }))

Nitpick note: this answers even for the abc.xyz. name itself and any deeper subdomain.

And, it might not be obvious how to add custom config, so the best way should be to add something like

option include_config '/etc/kresd/custom.conf'

into /etc/config/resolver, section 'kresd'.
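The snippet above works, but two things bite in practice: the suffix filter also matches the apex abc.xyz. (the nitpick above), and only A queries are overridden, so a dual-stack client that also asks for AAAA gets the public IPv6 address from the real zone and may prefer it over the LAN override. The following is an added example, not code from this thread or from the kresd project, that extends the same approach to cover both points. It assumes the same kresd Lua API the snippet uses (policy.suffix, req:current(), answer:put, kres.str2ip, kres.dname2str) and constructed values: the domain abc.xyz., the LAN address 192.168.1.3 and an optional LAN IPv6 address.

```lua
-- Added example for /etc/kresd/custom.conf (not from the thread or the kresd project).
-- Assumed kresd Lua API: policy.suffix, req:current(), answer:put, kres.str2ip, kres.dname2str.
local ffi = require('ffi')

local LOCAL_ZONE = 'abc.xyz.'                  -- constructed example domain
local LOCAL_V4   = kres.str2ip('192.168.1.3')  -- constructed example LAN IPv4 address
local LOCAL_V6   = nil                         -- set to kres.str2ip('<your LAN IPv6>') if the host has one
local TTL        = 300

-- Answer A/AAAA for names strictly below LOCAL_ZONE with the LAN addresses.
-- Other record types (MX, TXT, ...) and the apex itself still resolve normally.
local function lanOverride(state, req)
	local qry = req:current()
	-- kres.dname2str is assumed to return the presentation form with a trailing dot, e.g. 'mail.abc.xyz.'
	local name = kres.dname2str(qry.sname):lower()

	-- policy.suffix also matches the apex; leave abc.xyz. itself to the public zone.
	if name == LOCAL_ZONE then
		return state
	end

	if qry.stype ~= kres.type.A and qry.stype ~= kres.type.AAAA then
		return state
	end

	local answer = req.answer
	ffi.C.kr_pkt_make_auth_header(answer)
	answer:rcode(kres.rcode.NOERROR)
	answer:begin(kres.section.ANSWER)

	if qry.stype == kres.type.A then
		answer:put(qry.sname, TTL, answer:qclass(), kres.type.A, LOCAL_V4)
	elseif LOCAL_V6 ~= nil then
		answer:put(qry.sname, TTL, answer:qclass(), kres.type.AAAA, LOCAL_V6)
	end
	-- With LOCAL_V6 unset, an AAAA query gets an empty NOERROR answer (NODATA), so
	-- dual-stack clients fall back to the IPv4 override instead of the public AAAA.
	return kres.DONE
end

policy.add(policy.suffix(lanOverride, { todname(LOCAL_ZONE) }))
```

After including the file through the `include_config` option mentioned above and restarting the resolver, check from a LAN client that `mail.abc.xyz` returns 192.168.1.3 and that `abc.xyz` still returns the public address (for example with `dig A mail.abc.xyz @<router IP>` and `dig AAAA mail.abc.xyz @<router IP>`). Keep in mind that these answers are synthesized by the resolver rather than fetched from the authoritative zone, so they carry no DNSSEC signatures; that is the usual trade-off of a split-horizon override and only matters for clients that validate on their own.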

It doesn’t seem to work here on 3.8.1. I just changed the answer (\192\168\10\67) and the name in todname (palver.lan.), but I always get a domain not found:
Never mind, forgot to add the custom config…

Nice, I looked at the policy section of the documentation and guessed it had something to do with the suffix, but I mistook “forward” as the answer in the beginning.

What is the reason for the dot “.” at the end of the domain? And is there a knot / kresd cookbook somewhere? Because it looks like a common thing to write answers like this.

PS: I already have a custom config, for the old “reroute the .lan stuff to dnsmasq” hack. Maybe time to take this one out now that it is in the main config.

Thanks!

Dot at the end is optional. It’s a kind of tradition, as in some other contexts the names without an end dot get some default suffix added, e.g. see wiki.

I don’t know of any cookbook. There’s documentation with examples for basic usage, but that doesn’t cover the code above. (I’m a kresd developer; it’s not very common to write such code AFAIK, but perhaps not too hard.)