I'm looking for a way of getting our DNS server to do a reverse look-up in order to resolve placeholder values differently according to the requesting machine's IP address.
Variables
A placeholder value called SYSWEB to be resolved by DNS
Websites: www.website.dev.net and www.website.uat.net
Machines: Machine1 and Machine2
Conditions
If Machine1 attempts to connect to SYSWEB, the DNS server will
resolve it to www.website.dev.net
If Machine2 attempts to connect to SYSWEB, the DNS server will
resolve it to www.website.uat.net
I've already tried to do this with BIND DNS, following the implementation laid out here, but I have not made any progress worth noting....
The main problem I'm having is that I cannot allow the DNS to resolve an IP address from the placeholder value, it needs to be a domain name.
Surely someone out there has successfully done what I'm failing to do
You need to have two separate zone files and route access to the correct zone file based on views. This is usually called split-horizon DNS and there are plenty of examples on the net, e.g.
http://www.zytrax.com/books/dns/ch6/#split-view
http://www.knowplace.org/pages/howtos/split_view_with_bind_9_howto.php
Related
For example, I've a server hosted at my home with 2 NICs for redundancy obviously.
NIC1 has been assigned with the public IP 103.204.82.22 from ISP1
NIC2 has been assigned with the public IP 144.110.12.64 from ISP2
I can access the server with both IP as usual.
Now, I have a domain acme.com. I've created a subdomain server.acme.com. I want to point server.acme.com to both the IPs so that in case one ISP fails to provide connectivity my server still remains online with the other one.
I've already tried with A and CNAME records. But it isn't working. It's working with A record if I use only one IP for the subdomain.
Can anyone tell me what and how can I point both the IPs to the single subdomain?
Thanks in advance
What you are describing is called DNS round robin, but that won't give you your expected outcome.
Anything you do with DNS if one ISP connection is down, traffic will still go there.
You may have your terminology mixed up a little to start with.
in this case, I suspect you really mean that server.acme.com is a host record, rather than a subdomain. (A subdomain would mean that the server address would be at servername.server.acme.com)
If you create an A record, and put both IP addresses in, and keep the TTL (time to live) short, then when a client wants to contact your machine it will randomly pick one of the addresses. If that address is unavailable, it will move on to the next. If that address stops working, it will keep trying it for the 'TTL' time.
Presuming that the IP addresses don't change, which would be a different problem altogether, then this provide basic load balancing and failover to both connections.
Amazon provide a more advanced type of DNS, that will actively monitor your connections and only provide responses that are live. - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
I noticed that one of Google's mail servers (alt4.aspmx.l.google.com) points to 74.125.200.26, but when I do a reverse DNS lookup on that IP I see that the hostname associated with it is sa-in-f26.1e100.net. My limited understanding of DNS is that when you have a situation like that, one hostname is an alias of the other, but that's not the case here.
My initial goal was making a Python program that given an IP address and a hostname, returns a boolean answer indicating whether the IP belongs to a mail server of that domain. The algorithm I implemented used dig to search all mail servers of a domain and then tried to match any of them to the hostname associated with the given IP (which I found using dig -x). My program fails with the case I mentioned before. What am I missing?
Sorry for my bad english. Thanks!
Many services can run on one server/ipaddress, and many hostnames can resolve to one IP address. In the other direction, one ip address will most often resolve to only one hostname (if it has PTR record at all), and the name will very often be something generic like ip-xx-yy-zz-qq.networkcarrier.net (so unrelated to any of the services that are legitimately running on that server).
Depending on the purpose of your check, perhaps you can just test if the hostname A record points to the required IP address (because your initial requirement is flawed: ip addresses do not belong to domains, they belong to network providers).
(Still, for some purposes, most notably as anti spam measure, there is a use case for checking if ip address resolves to some particular hostname.)
I'm trying to get all the domains linked to a record like here
http://viewdns.info/reverseip/?host=23.227.38.68&t=1 but I'm getting no luck with dig 23.227.38.68 or nslookup 23.227.38.68. Any idea what I'm doing wrong?
The design of DNS does not support discovering every domain associated with a certain IP address. You may be able to retrieve one or more DNS names associated with the IP address through reverse IP lookup (PTR records), but does not necessarily give you all domains. In fact, it rarely will.
This is because the information you seek is scattered throughout the global DNS network and there is no single authoritative node in the network that has this information. If you think about it, you can point the DNS A record of your own domain to the IP of stackoverflow.com and that's perfectly valid, but anyone seeking to know this would have to find your DNS servers to figure this out. DNS does not provide any pointers for this, though.
Yet, certain "passive DNS" services (probably including viewdns.info) seem to overcome this limitation. These services all work by aggregating DNS data seen in the wild one way or another. At least one of these services works by monitoring DNS traffic passing through major DNS resolvers, building a database from DNS queries. For instance, if someone looks up yourdomain.com that points to 1.2.3.4 and the DNS query happens to pass through the monitored resolver, they take note of that. If a query for anotherdomain.com is seen later and it also resolves to 1.2.3.4, now they have two domains associated with 1.2.3.4, and so on. Note that due to the above, none of the passive DNS services are complete or real-time (they can get pretty close to either, though).
I have a couple EC2 instances behind an Elastic Load Balancer. These instances serve HTTP requests for a single web site. I recently started looking at the HOST header of the traffic, because I am planning to split my app into virtual hosts.
With some regularity (dozens of times a day), I log a request for a host name that is totally unrelated to my servers. As a couple examples, today I saw requests with the host names ad.adserverplus.com and r1---sn-upfn-hp5e.c.youtube.com. I looked these up and the IP addresses are not the same as any of my servers, nor of the ELB, so I am trying to develop a theory as to how this happens.
I realize that someone could be spoofing the host header, but it happens often enough that I am pretty sure this is not what is going on. My other idea is that somehow there is stale DNS data that just happens to resolve one of those hosts to my IP address, but again this seems like it could happen once in a great while but not regularly. What are some other possibilities, and how might I verify / discredit them?
EDIT
I looked at some of the unexpected host names today, and it seems that they actually do resolve to an IP that is one of the possible IPs that my domain apex resolves to. I use Route 53 for DNS, and I have the zone apex pointed to the ELB, so when I query the IP address for my domain, I get different answers depending on when I ask. So this makes me very curious, how do these IP addresses get assigned to me and how does EC2 make sure they are not co-opting an IP address that someone else is already using.
There are any number of reasons for this. First you should understand that the public host name for your EC2 instances and load balancers have likely been used before. If you have an elastic IP associated with your load balancer, it has also probably been used before.
As such you can get traffic to your servers that is intended for a previous tenant of that hostname of IP address that you are currently using.
One thing you can do is to configure your web servers to reject traffic (respond with 403) to traffic that is not arriving with the proper hostname specified or that comes from a specific external host.
Your IP or your ELBs IP may have at one point in time been an open proxy. meaning that someone is hoping that you would forward the requests on to their intended destination.
but in general open port 80 to the internet and all kinds of bots and zombies will visit you with a pretty constant flow of dodgy requests. I would imagine though that the \ec2 IP ranges would be a particularly juicy range to search for poorly patched websites to exploit.
Our application (RHEL 5/c++) uses the hostid as returned by gethostid for logging purposes. For some reason, the primary DNS server of the local network environment went offline. This resulted in massive problems in gethostid: The function call hangs for more than 60s, which lead to internal timeouts in our application. A call to hostid on the commandline also didn't return after several minutes. Once the DNS server was up again, the timeouts/problems both in the application and the hostid commandline tool disappeared.
My question is: How do I prevent gethostid from making DNS lookups? There`re some boundary conditions to the answer:
The file /etc/hostid must not exist.
Calling sethostid is not allowed.
Changing /etc/hosts is not possible.
I'm astonished this happens at all. As I understand gethostid it works like this:
Return the value of the last sethostid if it has been set manually.
Return hostid form /etc/hostid if the file exists.
Return the primary IP of the host if set.
Fail for other cases.
I don`t see the need for a DNS query.
To verify, that gethostid actually is dependend on a working DNS server, try this:
As root create/change your /etc/reslov.conf so it contains only invalid nameserver entries.
Call hostid on the commandline.
On my debian/squeeze installation this results in a hostid of 00000000 without any hangs. I assume the RedHat-version of hostid is different/older and results hangs.
I think preventing DNS lookups from gethostid is not really possible without breaking the system or violating one of the boundary conditions. On gnu.org I've found this comment on the sethostid function:
The proper way to establish the primary IP address of a system is to configure the IP address resolver to associate that IP address with the system's host name as returned by gethostname. For example, put a record for the system in /etc/hosts.
From this I conclude, that gethostid determines the IP like this:
Get the hostname from gethostname.
Determine the IP via gethostbyname (or a similar method).
Under the conditions, that the host name is not associated to an IP address in /etc/hosts and /etc/nsswitch.conf allows DNS lookups, a DNS lookup will be made by gethostid.