
Re: DNS: configure bind9 to resolve only a certain IP-range



Arthur H. Johnson II wrote:

I guess I am not following what you are up to.  How have you installed
BIND, from apt or from source?

It's been installed from apt, using dselect, so it's the standard Debian package.

When I configure a nameserver, I usually allow it to do "caching"
nameserving.

In this case, the nameserver must also act as an authoritative server for our domain and the range of IPs we've got.

you can retrieve db.root from ftp://ftp.internic.com.  Then configure your
zone files as you want them.

Yes, the default files from the bind package are there, and I've added our own zone files. So far, everything works.

These zone files will override the hint
zone, so if you configure yahoo.com to resolve to 192.168.0.0 subnet, it
will override whatever yahoo publishes as their domain.

The zones I've added are as follows:


zone "condor-werke.com" {
	type master;
	notify no;
	file "/etc/bind/condor-werke.com";
};

zone "condor-werke.de" {
	type master;
	notify no;
	file "/etc/bind/condor-werke.de";
};

zone "67.158.193.in-addr.arpa" {
	type master;
	notify no;
	file "/etc/bind/193.158.67";
};

zone "100.168.192.in-addr.arpa" {
	type master;
	file "/etc/bind/192.168.100";
};


The zones for 'condor-werke.com/.de' are ok. As yet, the DNS entries are handled otherwise, but this will be changed so that our own DNS server will handle them.

The problem is the zone "67.158.193.in-addr.arpa". Within that zone, the server must only reverse-resolve the IPs of our *own* IP range (193.158.67.64--193.158.67.71). The zone file looks like this:


;
;	reverse condor-werke.com/.de
;
;
$TTL 86400

@	IN	SOA	stargate.condor-werke.com. root.condor-werke.com. (
			200306230	; serial
			8H		; refresh
			2H		; retry
			1W		; expire
			1D )		; minimum TTL

		NS	stargate.condor-werke.com.

64		PTR	uu64.condor-werke.com.
65		PTR	uu65.condor-werke.com.
66		PTR	uu66.condor-werke.com.

67		PTR	stargate.condor-werke.com.

68		PTR	uu68.condor-werke.com.
69		PTR	uu69.condor-werke.com.
70		PTR	uu70.condor-werke.com.
71		PTR	uu71.condor-werke.com.


Having that zone, it seems to override anything that's between 193.158.67.0 and 193.158.67.255. This is what one would expect --- but it's not what I need.

What I need is a way to restrict the above zone to *only* the IPs listed in the zone file, i.e. to the range of our own addresses. How can I do that?


GH
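The following is an added example, not code from the thread or from the BIND project. It models the zone-cut logic behind the question above: the address block a reverse zone is authoritative for is determined by the zone's apex name, so a zone called "67.158.193.in-addr.arpa" covers all of 193.158.67.0/24 and the server answers authoritatively (with NXDOMAIN) for the 248 addresses it does not list. The standard way to be authoritative for only a /29 is RFC 2317 classless delegation: the holder of the /24 publishes an NS record for a child zone named "64/29.67.158.193.in-addr.arpa" plus one CNAME per address pointing into it, and the local server loads the existing PTR records under that child apex instead. The network, PTR records and nameserver name are taken from the thread; the parent-zone records are a constructed illustration of what the /24 holder would have to publish, and the stray "72" record in the check is constructed to show an out-of-range owner being flagged.

```python
"""RFC 2317 classless reverse-DNS helpers (added example, not from the thread)."""
import ipaddress
import re

ARPA = "in-addr.arpa."

# PTR records copied from the zone file posted in the thread (owner labels relative to the apex).
POSTED_ZONE = """\
64\t\tPTR\tuu64.condor-werke.com.
65\t\tPTR\tuu65.condor-werke.com.
66\t\tPTR\tuu66.condor-werke.com.
67\t\tPTR\tstargate.condor-werke.com.
68\t\tPTR\tuu68.condor-werke.com.
69\t\tPTR\tuu69.condor-werke.com.
70\t\tPTR\tuu70.condor-werke.com.
71\t\tPTR\tuu71.condor-werke.com.
"""


def reverse_name(ip: str) -> str:
    """Fully qualified PTR owner name for one IPv4 address."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def classless_zone(cidr: str) -> str:
    """Apex name of the reverse zone for a prefix.

    Classful prefixes (/8, /16, /24) map to the ordinary octet-per-label zone;
    longer prefixes use the RFC 2317 "first/len" label, e.g.
    193.158.67.64/29 -> 64/29.67.158.193.in-addr.arpa.
    """
    net = ipaddress.IPv4Network(cidr)  # strict: host bits must be zero
    octets = str(net.network_address).split(".")
    if net.prefixlen in (8, 16, 24):
        return ".".join(reversed(octets[: net.prefixlen // 8])) + "." + ARPA
    if net.prefixlen < 25:
        raise ValueError("prefixes shorter than /25 that are not classful need several zones")
    first, second, third, fourth = octets
    return f"{fourth}/{net.prefixlen}.{third}.{second}.{first}.{ARPA}"


def zone_scope(zone: str) -> ipaddress.IPv4Network:
    """Inverse of classless_zone: the address block a reverse-zone apex is authoritative for."""
    name = zone.rstrip(".")
    suffix = "." + ARPA.rstrip(".")
    if not name.endswith(suffix):
        raise ValueError(f"not a reverse zone: {zone}")
    labels = name[: -len(suffix)].split(".")
    labels.reverse()  # network order, e.g. ["193", "158", "67", "64/29"]
    if "/" in labels[-1]:
        last, plen = labels[-1].split("/")
        labels[-1] = last
        prefixlen = int(plen)
    else:
        prefixlen = 8 * len(labels)
    octets = labels + ["0"] * (4 - len(labels))
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{prefixlen}")


def parent_delegation(cidr: str, nameserver: str) -> list:
    """Records the holder of the enclosing /24 publishes to hand `cidr` to `nameserver`.

    Constructed illustration of the RFC 2317 parent side: one NS for the child
    apex and one CNAME per address pointing into the child zone.
    """
    net = ipaddress.IPv4Network(cidr)
    child = classless_zone(cidr)
    first = str(net.network_address).split(".")[-1]
    records = [f"{first}/{net.prefixlen}\tNS\t{nameserver}"]
    for host in net:  # includes the first and last address of the block
        label = str(host).split(".")[-1]
        records.append(f"{label}\tCNAME\t{label}.{child}")
    return records


OWNER_RE = re.compile(r"^(\d{1,3})\s+(?:IN\s+)?PTR\s+(\S+)", re.M)


def check_ptr_owners(zone_text: str, cidr: str) -> dict:
    """Map each relative PTR owner label in `zone_text` to whether it lies inside `cidr`."""
    net = ipaddress.IPv4Network(cidr)
    base = str(net.network_address).rsplit(".", 1)[0]  # first three octets
    return {
        m.group(1): ipaddress.IPv4Address(f"{base}.{m.group(1)}") in net
        for m in OWNER_RE.finditer(zone_text)
    }


if __name__ == "__main__":
    for apex in ("67.158.193.in-addr.arpa", "64/29.67.158.193.in-addr.arpa"):
        print(f"{apex:35} covers {zone_scope(apex)}")
    print("\n; parent-zone records (constructed) for 67.158.193.in-addr.arpa:")
    print("\n".join(parent_delegation("193.158.67.64/29", "stargate.condor-werke.com.")))
    stray = POSTED_ZONE + "72\t\tPTR\tstray.example.\n"  # constructed out-of-range record
    print("\n; owners outside 193.158.67.64/29:",
          [o for o, ok in check_ptr_owners(stray, "193.158.67.64/29").items() if not ok])
```

With the delegation in place, the named.conf zone statement names `64/29.67.158.193.in-addr.arpa` instead of `67.158.193.in-addr.arpa` and keeps the same zone file, since the owner labels 64 through 71 are relative to the apex either way; the server is then never asked about the other 248 addresses, because the parent's CNAMEs only point into the child for the eight delegated ones.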



