
The company has changed to Zscaler Private Access, and now connections to an IP are no longer working.

What is working is a hostname, as it gets translated to 100.64.x.y and then routed to the drop-off in the datacenter.

My question now: is there a way to tell BIND to resolve something like 10.1.1.1.ip.domain.com to 10.1.1.1 without adding 16M records? Something like "* IN A *" is not working.

Thanks

1 Answer


I've not played with this, and I don't believe BIND is the correct tool for the job.

I would be very surprised if this can be done using a typical BIND configuration file, but I expect that using a DLZ (dynamically linked module) this could be done, probably using an SQL query. That said, I would think running a DNS system with native SQL support might work better (ProDNS?).

That said, it does not make sense to me that IP connections no longer work, and you may want to explore and fix this underlying issue. (I can't see how something external to your computers can intercept the stack and break connecting to an IP, while allowing a lookup to that IP to then resolve and connect to that IP can work.)

  • To give you an idea how and why it is broken:
    – docc
    Commented Jan 17, 2019 at 19:37
  • Did you mean to add a link in there?
    – davidgo
    Commented Jan 17, 2019 at 19:42
  • To give you an idea how and why it is broken: I am working remotely and have a local Zscaler application on the laptop, which is basically a kind of VPN allowing access to internal resources. If you resolve a hostname like host.internaldomain.com, internally let's say 10.1.1.1, it is translated to something like 100.64.x.y, and the Zscaler client then transfers that request across the app to the internal drop-off in the datacenter. Some kind of NAT, so to say. Any direct connection attempt based on IP is not handled by the local client. Some of the company services are only known by IP.
    – docc
    Commented Jan 17, 2019 at 19:48
  • Surely then you only need to add those company services to DNS?
    – davidgo
    Commented Jan 17, 2019 at 19:53
  • Sure, that is the best solution. But you hit barriers in NetOps, taking the output of any command like "show standby", lldp or alike, which only outputs IPs, and you want to log in to it. Sure, you can use a SOCKS proxy.
    – docc
    Commented Jan 17, 2019 at 20:13
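As an added illustration, not from the question or the answer: the "wildcard with a computed answer" the question asks for is what a custom responder or a DLZ-style backend does, synthesizing an A record from the queried name at query time instead of storing 16M records. This hypothetical Python responder (assuming the zone name ip.domain.com from the question; it is not BIND configuration) extracts the address from the name, only answers for RFC 1918 addresses so the zone cannot be used to steer clients to arbitrary public hosts, and returns NXDOMAIN otherwise.

```python
import ipaddress
import socket
import struct

ZONE = "ip.domain.com"  # zone suffix taken from the question (hypothetical name)


def synth_address(qname, zone=ZONE):
    """Return the IPv4 address embedded in e.g. '10.1.1.1.ip.domain.com.',
    or None if the name is outside the zone or does not carry a usable address."""
    name = qname.rstrip(".").lower()
    suffix = "." + zone.lower()
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        addr = ipaddress.IPv4Address(".".join(labels))
    except ipaddress.AddressValueError:  # e.g. octet > 255 or non-numeric
        return None
    # Only synthesize private addresses: an open "any IP" zone is a redirection tool.
    return str(addr) if addr.is_private else None


def _decode_name(pkt, off):
    """Decode an uncompressed wire-format name starting at offset off."""
    labels = []
    while pkt[off] != 0:
        ln = pkt[off]
        labels.append(pkt[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln
    return ".".join(labels), off + 1


def build_query(qname, txid=0x1234):
    """Build a minimal A/IN query (used for testing; RD bit set)."""
    enc = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + enc + struct.pack("!HH", 1, 1)


def handle_query(pkt):
    """Build a wire-format reply for the single question in pkt."""
    txid, flags, *_ = struct.unpack("!6H", pkt[:12])
    qname, off = _decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    question = pkt[12:off + 4]
    base = 0x8400 | (flags & 0x0100)  # QR=1, AA=1, copy RD from the query
    addr = synth_address(qname) if (qtype, qclass) == (1, 1) else None
    if addr is None:  # RCODE 3 (NXDOMAIN), empty answer section
        return struct.pack("!6H", txid, base | 3, 1, 0, 0, 0) + question
    # Answer RR: name pointer to offset 12 (the question name), A/IN, TTL 300, 4 bytes RDATA
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(addr)
    return struct.pack("!6H", txid, base, 1, 1, 0, 0) + question + rr


if __name__ == "__main__":  # serve on 127.0.0.1:5353 so it can be tried with dig
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 5353))
    while True:
        data, peer = s.recvfrom(512)
        s.sendto(handle_query(data), peer)
```

Run it and query with `dig @127.0.0.1 -p 5353 10.1.1.1.ip.domain.com A` to see the synthesized answer; names outside 10/8, 172.16/12 and 192.168/16 get NXDOMAIN.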
