<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>My understanding of DNS protocols and the end user's OS is that
it is programmed with 2 or 3 (usually) recursive DNS servers to
query for all of the end user's needs. And that the recursive DNS
follows the trail of DNS to find the answer the end user needs.
In which case the end user's IP address is never going to hit or
ask your load balancer any questions.</p>
<p>The only way I can think of is to segregate those that need to
query for that sub-zone by the recursive DNS server they are
allowed to use and give that subset of recursive DNS servers that
ability to query that sub-zone.</p>
<p>Lyle Giese<br>
</p>
<div class="moz-cite-prefix">On 2/26/24 15:09, daniel majela wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAG2UOQ_n79jAEy7Ukgo_+SJp7SEpcWEphJhmfpRcnZmEXBBefQ@mail.gmail.com">
<div dir="ltr">
<div dir="ltr"><span class="gmail-jCAhz gmail-ChMk0b"
style="background-color:rgb(210,227,252);color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px"><span
class="gmail-ryNqvb">Hey guys.</span></span><span
class="gmail-jCAhz"
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span
class="gmail-ryNqvb">
</span></span><span class="gmail-jCAhz gmail-ChMk0b"
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span
class="gmail-ryNqvb">I have "n" DNS servers on the
network.</span></span><span
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span class="gmail-jCAhz gmail-ChMk0b"
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span
class="gmail-ryNqvb">I would like to configure a sub-zone
that I will not publish on the network.</span></span><span
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span class="gmail-jCAhz gmail-ChMk0b"
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span
class="gmail-ryNqvb">Example would be:</span></span><span
class="gmail-jCAhz"
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span
class="gmail-ryNqvb">
</span></span><span class="gmail-jCAhz gmail-ChMk0b"
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span
class="gmail-ryNqvb"><a href="http://example.com.br"
moz-do-not-send="true">example.com.br</a> and my subzone
would be <a href="http://gslb.exemplo.com.br"
moz-do-not-send="true">gslb.exemplo.com.br</a>.</span></span><span
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span class="gmail-jCAhz gmail-ChMk0b"
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span
class="gmail-ryNqvb">On the server that owns the <a
href="http://gslb.exemplo.com.br" moz-do-not-send="true">gslb.exemplo.com.br</a>
sub-zone, which is an ADNS balancer, I will add some
targeting policies based on the origin IP.</span></span><span
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span class="gmail-jCAhz gmail-ChMk0b"
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span
class="gmail-ryNqvb">The problem is that the IP address
that calls gslb is the server that owns the <a
href="http://example.com.br" moz-do-not-send="true">example.com.br</a>
zone and not the user's IP address and this way the policy
will not work.</span></span><span
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span class="gmail-jCAhz gmail-ChMk0b"
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span
class="gmail-ryNqvb">I need the IP of the user's resolver
to reach my ADNS and not the IP of the Resolver that owns
<a href="http://exemplification.com.br"
moz-do-not-send="true">exemplification.com.br</a>.</span></span><span
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span class="gmail-jCAhz gmail-ChMk0b"
style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span
class="gmail-ryNqvb">If anyone has a tip and if there is a
solution, I would appreciate it.</span></span></div>
<div dir="ltr"><font
face="Roboto, RobotoDraft, Helvetica, Arial, sans-serif"
color="#3c4043"><span style="font-size:18px"><br>
</span></font></div>
<div dir="ltr"><font
face="Roboto, RobotoDraft, Helvetica, Arial, sans-serif"
color="#3c4043"><span style="font-size:18px"><br clear="all">
</span></font>
<div><br>
</div>
<span class="gmail_signature_prefix">-- </span><br>
<div dir="ltr" class="gmail_signature">
<div dir="ltr">
<div>Daniel Majela Galvão<br>
<a
href="http://br.linkedin.com/pub/daniel-souza/6/1b1/774"
title="View public profile"
name="SignatureSanitizer_SafeHtmlFilter_UNIQUE_ID_SafeHtmlFilter_webProfileURL"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">http://br.linkedin.com/pub/daniel-souza/6/1b1/774</a><br>
<br>
(55-012) - 9-8201-9885<br>
(55-012) - 9-9761-1511<br>
(55-012) - 32076909<br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
dns-operations mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a>
<a class="moz-txt-link-freetext" href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a>
</pre>
</blockquote>
</body>
</html>