We instruct users to change DNS
There was recently a problem - to remove a couple of old DNS servers (provider, for users).
The problem was that a large number of users had these DNS statically assigned. So if you simply disable these DNS, a large number of calls would fall on tech support. And they didn’t want to hear their words on the ear.
The first option that came to mind is ISG Layer 4 Redirect : to collect user logins that go to the old DNS, and add them to the RADIUS-group with L4R. However, the user would not see the result of changes in their attitudes immediately, because the L4R group is changed by admins. Well, or would have to write a handful of scripts that would check whether the requests from this user stopped or not and, if so, change the group. In general, a lot of unnecessary, uninteresting work.
The second option is to redirect all requests to a web server with instructions for changing the DNS settings.
After a rather long search process (laziness was the most to think;)), it was not crowned with success, he began to think for himself, and after some time the solution came, and the simplest one: we give out to all users going to this DNS, one single address. At this address we raise nginx, which for any request will issue a page with instructions on how to change the DNS settings.
Settings for bind
/etc/bind/named/named.conf.local.dumb:
/etc/bind/db.dumb:
Settings for nginx
However, there is a problem - the OS and browsers cache DNS responses, and you have to add a fad about this in the instructions.
The problem was that a large number of users had these DNS statically assigned. So if you simply disable these DNS, a large number of calls would fall on tech support. And they didn’t want to hear their words on the ear.
The first option that came to mind is ISG Layer 4 Redirect : to collect user logins that go to the old DNS, and add them to the RADIUS-group with L4R. However, the user would not see the result of changes in their attitudes immediately, because the L4R group is changed by admins. Well, or would have to write a handful of scripts that would check whether the requests from this user stopped or not and, if so, change the group. In general, a lot of unnecessary, uninteresting work.
The second option is to redirect all requests to a web server with instructions for changing the DNS settings.
After a rather long search process (laziness was the most to think;)), it was not crowned with success, he began to think for himself, and after some time the solution came, and the simplest one: we give out to all users going to this DNS, one single address. At this address we raise nginx, which for any request will issue a page with instructions on how to change the DNS settings.
Settings for bind
/etc/bind/named/named.conf.local.dumb:
view "dumb" {
match-clients {dumb-clients; };
zone "." {type master; file "/etc/bind/db.dumb"; };
}; /etc/bind/db.dumb:
$ TTL 1m
@ IN SOA domain.name. dnsmaster.domain.name. (
four ; Serial
604800; Refresh
86400; Retry
2419200; Expire
604800); Negative Cache TTL
@ IN NS notify.domain.name.
* IN A <strong> address </ strong> Settings for nginx
server {
listen 80;
server_name notify.domain.name;
root / var / www / p80 /;
index index.html;
error_page 404 /index.html;
} However, there is a problem - the OS and browsers cache DNS responses, and you have to add a fad about this in the instructions.
')
Source: https://habr.com/ru/post/79421/
All Articles