The best method is via the response policy zone in Bind 9.8.1 or newer. It allows you to override single records in arbitrary zones (and there is no need to create a whole subdomain for that, only the single record you want to change), it allows you to override CNAMEs, etc. Other solutions such as Unbound cannot override CNAMEs.
https://www.redpill-linpro.com/sysadvent/2015/12/08/dns-rpz.html
EDIT: Let's do this properly then. I will document what I've done based on the tutorial linked above.
My OS is Raspbian 4.4 for Raspberry Pi, but the technique should work without any changes on Debian and Ubuntu, or with minimal changes on other platforms.
Go to where your Bind config files are kept on your system - here it's in /etc/bind. Create in there a file called db.rpz with the following contents:
$TTL 60
@ IN SOA localhost. root.localhost. (
2015112501 ; serial
1h ; refresh
30m ; retry
1w ; expiry
30m) ; minimum
@ IN NS localhost.
localhost A 127.0.0.1
www.some-website.com A 127.0.0.1
www.other-website.com CNAME fake-hostname.com.
What does it do?
it overrides the IP address for www.some-website.com with the fake address 127.0.0.1, effectively sending all traffic for that site to the loopback address
it sends traffic for www.other-website.com to another site called fake-hostname.com
Anything that could go in a Bind zone file you can use here.
To activate these changes there are a few more steps:
Edit named.conf.local and add this section:
zone "rpz" {
type master;
file "/etc/bind/db.rpz";
};
The tutorial linked above tells you to add more stuff to zone "rpz" { } but it's not necessary in simple setups - what I've shown here is the minimum to make it work on your local resolver.
Edit named.conf.options and somewhere in the options { } section add the response-policy option:
options {
// bunch
// of
// stuff
// please
// ignore
response-policy { zone "rpz"; };
};
Now restart Bind:
service bind9 restart
That's it. The nameserver should begin overriding those records now.
If you need to make changes, just edit db.rpz, then restart Bind again.
Bonus: if you want to log DNS queries to syslog, so you can keep an eye on the proceedings, edit named.conf.local and make sure there is a logging section that includes these statements:
logging {
// stuff
// already
// there
channel my_syslog {
syslog daemon;
severity info;
};
category queries { my_syslog; };
};
Restart Bind again and that's it.
Test it on the machine running Bind:
dig @127.0.0.1 www.other-website.com. any
If you run dig on a different machine just use @the-ip-address-of-Bind-server instead of @127.0.0.1
I've used this technique with great success to override the CNAME for a website I was working on, sending it to a new AWS load balancer that I was just testing. A Raspberry Pi was used to run Bind, and the RPi was also configured to function as a WiFi router - so by connecting devices to the SSID running on the RPi I would get the DNS overrides I needed for testing.
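A lint check for the db.rpz file described in this answer, as an added example that is not part of the original post: it lists the override records and flags any CNAME target written without its trailing dot, which BIND would read as relative to the rpz zone. The function names and the typo.example.com record are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): lint a BIND RPZ zone file.

# rpz_overrides FILE: print "owner type target" for every A/AAAA/CNAME record.
rpz_overrides() {
    awk '
        { sub(/;.*/, "") }                          # strip comments
        /^\$/ { next }                              # $TTL / $ORIGIN directives
        /\(/  { if ($0 !~ /^[ \t]/) owner = $1; paren = 1 }   # multi-line SOA opens
        paren { if (/\)/) paren = 0; next }         # skip it until ")" closes it
        NF == 0 { next }
        {
            i = 1
            if ($0 !~ /^[ \t]/) { owner = $1; i = 2 }   # indented line keeps last owner
            if ($i ~ /^[0-9]+[smhdwSMHDW]?$/) i++       # optional TTL
            if (toupper($i) == "IN") i++                # optional class
            type = toupper($i)
            if (type == "A" || type == "AAAA" || type == "CNAME")
                print owner, type, $(i + 1)
        }
    ' "$1"
}

# rpz_lint FILE: return 1 if any CNAME target has no trailing dot. BIND reads such a
# target as relative to the zone origin: "fake-hostname.com" -> "fake-hostname.com.rpz."
rpz_lint() {
    bad=$(rpz_overrides "$1" | awk '$2 == "CNAME" && $3 !~ /\.$/ { print $1 " -> " $3 }')
    [ -z "$bad" ] && return 0
    printf 'relative CNAME target (missing trailing dot):\n%s\n' "$bad" >&2
    return 1
}

# rpz_sample FILE: write a constructed zone modelled on the db.rpz above.
rpz_sample() {
    cat > "$1" <<'EOF'
$TTL 60
@ IN SOA localhost. root.localhost. (
  2015112501 1h 30m 1w 30m )
@ IN NS localhost.
www.some-website.com   A     127.0.0.1
www.other-website.com  CNAME fake-hostname.com.
typo.example.com       CNAME fake-hostname.com   ; constructed mistake
EOF
}

f=$(mktemp) && rpz_sample "$f" && rpz_overrides "$f"
rpz_lint "$f" || echo "lint failed as expected for the constructed typo"
rm -f "$f"
```

Running rpz_lint on /etc/bind/db.rpz before each restart catches the mistake before the resolver starts serving a rewritten name that does not exist.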