
Re: [Sheflug] NAMED query



On Tue, 19 Mar 2002, David Morris wrote:

> We've got, I suspect, an old version of named (I can't find a way of getting
> the version!) running on our (402 day uptime) 2.0.36 kernel Linux box.

dig version.bind chaos txt @localhost, if your shell is on said Linux box.
If that doesn't reply, then your version of BIND is seriously ancient and
should be upgraded before someone 0wns your box, or takes it out via a DoS
attack.  See <http://www.isc.org/products/BIND/bind-security.html> for
details.

> The question is does anyone know a way of controlling which domains are
> resolved on which server?

With BIND 4, which you're running (named.boot was replaced by named.conf
in BIND 8), I'm not sure; with BIND 8, it's trivial (you can create a zone
of type "forward"; all queries for that zone will be sent to the specified
DNS server for resolution).  FWIW, you shouldn't be running BIND 4 at all
- it's not secure.  Some here will tell you to grab djbdns to replace BIND;
I'd suggest BIND 8.3.1.  Compile and test it *with your real zone files*
on a development box first; BIND 8 is *much* more fussy about broken zone
files than BIND 4 was.

> With the advent of our corporate VPN WAN, I've changed our 'followers' line
> in /etc/named.boot to include the central DNS server in Pittsburgh as the
> first 'hit' followed by the primary and secondary DNS of our ISP. However,
> this is inefficient because Pittsburgh get first stab at resolving
> everything but they're 100+ms away whereas Plusnet are just up the road!
>
> What I'd like to do is resolve anything for alleghenytechnologies.com or
> alleghenyludlum.com (for example) on the corporate WAN server and send the
> rest out to a more local NS.

If you're using BIND 8 or 9, you'd have this in your named.conf:

---------- Cut Here ----------
zone "alleghenytechnologies.com" {
        type forward;
        forward only;
        forwarders {
                192.168.1.45;  // This should be the IP address of your
                               // corporate WAN server
        };
};

zone "alleghenyludlum.com" {
        type forward;
        forward only;
        forwarders {
                192.168.1.45;  // This should be the IP address of your
                               // corporate WAN server
        };
};
---------- Cut Here ----------

As you can see, the syntax is entirely different to named.boot syntax.
There's a script in the BIND source tarball to convert named.boot to
named.conf format; if you need any help, feel free to ask :)

Cheers

Richard


-- 
Richard Stevenson, Systems Specialist, Xtra Limited
Phone: +64 9 355 5231   Mobile: +64 25 290 3101   Pager: +64 26 100 155

  I'm just glad that I live somewhere where my local fromagerie
  can offer me a prescription-strength Brie, weapons-grade mature
  Stilton, and a rather fine Shropshire Blue, openly and without
  fear of prosecution.
   -- Tanuki the Raccoon-Dog
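
The version check suggested in the reply above asks the server for the TXT record of version.bind in the CHAOS class. As an added example that is not part of the original message, this Python sketch builds that question and extracts the version string from a response; the transaction ID, the sample response bytes and the "8.3.1-EXAMPLE" string are constructed for illustration, not captured from a real server.

```python
import struct

QTYPE_TXT, QCLASS_CH = 16, 3  # TXT record type, CHAOS class

def encode_name(name):
    """Encode a dotted name as DNS length-prefixed labels."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name="version.bind", txid=0x1234):
    """12-byte header announcing one question, then the question itself."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_TXT, QCLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:              # root label terminates the name
            return off

def parse_txt_answers(msg):
    """Return the TXT strings found in the answer section of a response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    texts = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off, end = off + 10, off + 10 + rdlen
        while rtype == QTYPE_TXT and off < end:  # rdata: length-prefixed strings
            n = msg[off]
            texts.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
        off = end
    return texts

# Constructed response: the question echoed back plus one CHAOS TXT answer
# whose owner name is a compression pointer to offset 12.
SAMPLE_VERSION = b"8.3.1-EXAMPLE"
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + build_query()[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_CH, 0, len(SAMPLE_VERSION) + 1)
    + bytes([len(SAMPLE_VERSION)]) + SAMPLE_VERSION)
```

An empty list from parse_txt_answers means the response carried no TXT answer, the case the reply treats as a sign of a very old server.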
