DNS override
LaMont Jones
lamont at canonical.com
Mon Mar 13 19:53:55 UTC 2017
On Mon, Mar 13, 2017 at 12:58:52PM -0500, Dustin Kirkland wrote:
> On Sun, Mar 12, 2017 at 4:30 PM, LaMont Jones <lamont at canonical.com> wrote:
> > On Sun, Mar 12, 2017 at 11:30:57AM -0500, Dustin Kirkland wrote:
> >> However, I'm also using MAAS, generally, for the DNS/DHCP of the
> >> machines on my network. Here, I'd like the devices which are not
> >> necessarily deployed by MAAS to also take advantage of the local
> >> mirror, with minimal per-machine configuration.
> >
> > What you are actually asking is "How do I get BIND to lie", which is
> > going to be problematic, and is likely to break totally if/when Canonical
> > starts DNSSEC signing of the ubuntu.com domain. And yes, that also
> > applies to dnsmasq, for anything in the resolution path that checks DNSSEC
> > signatures.
>
> Yes, that's exactly what I'm looking for! aka, "DNS spoofing" to some.
> So I've used the dnsmasq hack quite reliably for 9+ years at home on
> my dd-wrt router, tricking all local machines using my local dns to
> hit a local copy of archive.ubuntu.com.
The simplest solution, given that, is going to be to configure MAAS to
have an upstream DNS server that has your hack.
See also bug 1672220 -- if you want to do it directly in MAAS, and want
to point at any address other than the region controller, you would have
to hijack ubuntu.com (pending that bug being fixed.) You don't want to
do that...
> Right or wrong, this is what I'm trying to accomplish with MAAS...
Just know that it's not something we (or anyone sane) would even hint at
explaining to someone, and it will NEVER be supported, unless sanity has
departed from the supporting organization..
lamont
More information about the Maas-devel
mailing list