<div dir="ltr"><div dir="ltr"><span class="gmail-jCAhz gmail-ChMk0b" style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span class="gmail-ryNqvb">Lyle....</span></span><span class="gmail-jCAhz" style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span class="gmail-ryNqvb">
</span></span><span class="gmail-jCAhz gmail-ChMk0b" style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span class="gmail-ryNqvb">Maybe putting this sub-zone on each DNS server could also solve it.</span></span><span class="gmail-jCAhz" style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span class="gmail-ryNqvb">
</span></span><span class="gmail-jCAhz gmail-ChMk0b" style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span class="gmail-ryNqvb">I will try to do that.</span></span><span class="gmail-jCAhz" style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span class="gmail-ryNqvb">
</span></span><span class="gmail-jCAhz gmail-ChMk0b" style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span class="gmail-ryNqvb">Thank you very much.</span></span><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Feb 26, 2024 at 20:07, Lyle Giese <<a href="mailto:lyle@lcrcomputer.net">lyle@lcrcomputer.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div>
<p>My understanding of DNS protocols and the end user's OS is that
it is programmed with 2 or 3 (usually) recursive DNS servers to
query for all of the end user's needs. And that the recursive DNS
follows the trail of DNS to find the answer the end user needs.
In which case the end user's IP address is never going to hit or
ask your load balancer any questions.</p>
<p>The only way I can think of is to segregate those that need to
query for that sub-zone by the recursive DNS server they are
allowed to use and give that subset of recursive DNS servers that
ability to query that sub-zone.</p>
<p>Lyle Giese<br>
</p>
<div>On 2/26/24 15:09, daniel majela wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr"><span style="background-color:rgb(210,227,252);color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px"><span>Hey guys.</span></span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span>
</span></span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span>I have "n" DNS servers on the
network.</span></span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span>I would like to configure a sub-zone
that I will not publish on the network.</span></span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span>Example would be:</span></span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span>
</span></span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span><a href="http://example.com.br" target="_blank">example.com.br</a> and my subzone
would be <a href="http://gslb.exemplo.com.br" target="_blank">gslb.exemplo.com.br</a>.</span></span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span>On the server that owns the <a href="http://gslb.exemplo.com.br" target="_blank">gslb.exemplo.com.br</a>
sub-zone, which is an ADNS balancer, I will add some
targeting policies based on the origin IP.</span></span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span>The problem is that the IP address
that calls gslb is the server that owns the <a href="http://example.com.br" target="_blank">example.com.br</a>
zone and not the user's IP address and this way the policy
will not work.</span></span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span>I need the IP of the user's revolver
to reach my ADNS and not the IP of the Resolver that owns
<a href="http://exemplification.com.br" target="_blank">exemplification.com.br</a>.</span></span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)">
</span><span style="color:rgb(60,64,67);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:18px;background-color:rgb(245,245,245)"><span>If anyone has a tip and if there is a
solution, I would appreciate it.</span></span></div>
<div dir="ltr"><font face="Roboto, RobotoDraft, Helvetica, Arial, sans-serif" color="#3c4043"><span style="font-size:18px"><br>
</span></font></div>
<div dir="ltr"><font face="Roboto, RobotoDraft, Helvetica, Arial, sans-serif" color="#3c4043"><span style="font-size:18px"><br clear="all">
</span></font>
<div><br>
</div>
<span class="gmail_signature_prefix">-- </span><br>
<div dir="ltr" class="gmail_signature">
<div dir="ltr">
<div>Daniel Majela Galvão<br>
<a href="http://br.linkedin.com/pub/daniel-souza/6/1b1/774" title="Visualizar perfil público" name="m_-6429653502522582092_SignatureSanitizer_SafeHtmlFilter_UNIQUE_ID_SafeHtmlFilter_webProfileURL" target="_blank">http://br.linkedin.com/pub/daniel-souza/6/1b1/774</a><br>
<br>
(55-012) - 9-8201-9885<br>
(55-012) - 9-9761-1511<br>
(55-012) - 32076909<br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
dns-operations mailing list
<a href="mailto:dns-operations@lists.dns-oarc.net" target="_blank">dns-operations@lists.dns-oarc.net</a>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a>
</pre>
</blockquote>
</div>
</blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>Daniel Majela Galvão<br><a href="http://br.linkedin.com/pub/daniel-souza/6/1b1/774" title="Visualizar perfil público" name="SignatureSanitizer_SafeHtmlFilter_UNIQUE_ID_SafeHtmlFilter_webProfileURL" target="_blank">http://br.linkedin.com/pub/daniel-souza/6/1b1/774</a><br><br>(55-012) - 9-8201-9885<br>(55-012) - 9-9761-1511<br>(55-012) - 32076909<br></div></div></div>
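An added example, not part of the thread: a small audit that matches the query sources an ADNS actually logs against its source-IP targeting rules, to show which rules can ever fire when only recursive resolvers reach the ADNS. The addresses (documentation ranges), the rule names and the one-address-per-line log format are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample: source address of each query logged at the ADNS.
OBSERVED_SOURCES = """\
192.0.2.53
192.0.2.53
198.51.100.53
192.0.2.53
2001:db8::53
"""

# Hypothetical targeting policy on the ADNS: (rule name, source network).
POLICY = [
    ("users-site-a", "10.1.0.0/16"),        # written for end-user subnets
    ("users-site-b", "10.2.0.0/16"),        # written for end-user subnets
    ("resolvers-site-a", "192.0.2.53/32"),  # written for a recursive resolver
]


def audit(observed_text, policy):
    """Match every observed query source against the policy networks.

    Returns (hits, unmatched): hits counts queries per rule name (0 for rules
    that never matched); unmatched counts queries per source address that no
    rule covers. First matching rule wins.
    """
    nets = [(name, ipaddress.ip_network(cidr)) for name, cidr in policy]
    hits = Counter({name: 0 for name, _ in nets})
    unmatched = Counter()
    for line in observed_text.split():
        addr = ipaddress.ip_address(line)
        for name, net in nets:
            # Compare only within the same address family.
            if addr.version == net.version and addr in net:
                hits[name] += 1
                break
        else:
            unmatched[str(addr)] += 1
    return dict(hits), dict(unmatched)


def dead_rules(hits):
    """Rules that no logged query ever matched."""
    return sorted(name for name, count in hits.items() if count == 0)


if __name__ == "__main__":
    hits, unmatched = audit(OBSERVED_SOURCES, POLICY)
    print("hits:", hits)
    print("unmatched sources:", unmatched)
    print("rules that never fire:", dead_rules(hits))
```

Rules keyed on user subnets stay at zero hits because those addresses never appear as query sources; the unmatched list shows which resolver addresses still need a rule if users are segregated by resolver.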