Re: DNS: configure bind9 to resolve only a certain IP-range
On Mon, 23 Jun 2003, Hans Wilmer wrote:
> Arthur H. Johnson II wrote:
>
> > I guess I am not following what you are up to. How have you installed
> > BIND, from apt or from source?
>
> It's been installed from apt, using dselect, so it's the standard debian
> package.
>
> > When I configure a nameserver, I usually allow it to do "caching"
> > nameserving.
>
> In this case, the nameserver must also act as an authoritative server for
> our domain and the range of IPs we've got.
>
> > you can retrieve db.root from ftp://ftp.internic.com. Then configure your
> > zone files as you want them.
>
> Ja, the default files from the bind-package are there, and I've added our
> own zone files. So far, everything works.
>
> > These zone files will override the hint
> > zone, so if you configure yahoo.com to resolve to 192.168.0.0 subnet, it
> > will override whatever yahoo publishes as their domain.
>
> The zones I've added are as follows:
>
>
> zone "condor-werke.com" {
>     type master;
>     notify no;
>     file "/etc/bind/condor-werke.com";
> };
>
> zone "condor-werke.de" {
>     type master;
>     notify no;
>     file "/etc/bind/condor-werke.de";
> };
>
> zone "67.158.193.in-addr.arpa" {
>     type master;
>     notify no;
>     file "/etc/bind/193.158.67";
> };
>
> zone "100.168.192.in-addr.arpa" {
>     type master;
>     file "/etc/bind/192.168.100";
> };
>
>
> The zones for 'condor-werke.com/.de' are ok. As of yet, the DNS entries are
> handled otherwise, but this will be changed so that our own DNS server will
> handle them.
>
> The problem is the zone "67.158.193.in-addr.arpa". Within that zone, the
> server must only reverse-resolve the IPs of our *own* IP-range
> (193.158.67.64--193.158.67.71). The zone file looks like that:
>
>
> ;
> ; reverse condor-werke.com/.de
> ;
> ;
> $TTL 86400
>
> @       IN SOA stargate.condor-werke.com. root.condor-werke.com. (
>                 200306230 ; serial
>                 8H ; refresh
>                 2H ; retry
>                 1W ; expire
>                 1D ) ; minimum TTL
>
>         NS stargate.condor-werke.com.
>
> 64 PTR uu64.condor-werke.com.
> 65 PTR uu65.condor-werke.com.
> 66 PTR uu66.condor-werke.com.
>
> 67 PTR stargate.condor-werke.com.
>
> 68 PTR uu68.condor-werke.com.
> 69 PTR uu69.condor-werke.com.
> 70 PTR uu70.condor-werke.com.
> 71 PTR uu71.condor-werke.com.
>
>
> Having that zone, it seems to override anything that's between 193.158.67.0
> and 193.158.67.255. This is what one would expect --- but it's not what I need.
>
> What I need is a way to restrict the above zone to *only* the IPs listed in
> the zone file, i. e. to the range of our own addresses. How can I do that?
>
>
> GH
>
>
OH, finally the light comes on. I apologize for confusing things
further. I have never set up a DNS server like this, sorry I can't be of
more assistance.
--
Arthur H. Johnson II, arthur@usol.com
AIM: bytor4232
YIM: arthurjohnson
IRC: By-Tor@irc.debian.org
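
Added example, not part of the original thread or of BIND: a small Python model of how a server picks the enclosing master zone for a PTR query, showing why the /24 zone quoted above answers for all of 193.158.67.0-255. The second configuration is an assumption, not something proposed in the thread: it uses RFC 2317 style classless naming (`64/29.67.158.193.in-addr.arpa`) and assumes the holder of the parent /24 reverse zone publishes the matching CNAMEs.

```python
import ipaddress

# Constructed from the PTR records quoted in the thread (64-71, .67 = stargate).
RECORDS = {str(n): f"uu{n}.condor-werke.com." for n in range(64, 72)}
RECORDS["67"] = "stargate.condor-werke.com."

# Configuration as posted: master for the whole /24 reverse zone.
WHOLE_24 = {"67.158.193.in-addr.arpa": RECORDS}

# Assumed alternative (RFC 2317 naming): master only for a child zone of the /29.
CLASSLESS = {"64/29.67.158.193.in-addr.arpa": RECORDS}
# Assumed CNAMEs the holder of the parent /24 zone would publish, one per address.
PARENT_CNAMES = {
    f"{n}.67.158.193.in-addr.arpa": f"{n}.64/29.67.158.193.in-addr.arpa"
    for n in range(64, 72)
}

def enclosing_zone(qname, zones):
    """Most specific locally configured zone that contains qname, else None."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve_ptr(ip, zones, parent_cnames=None):
    """Model how a server with these master zones answers a PTR query for ip."""
    qname = ipaddress.ip_address(ip).reverse_pointer
    zone = enclosing_zone(qname, zones)
    if zone is None and parent_cnames and qname in parent_cnames:
        qname = parent_cnames[qname]           # follow the parent's CNAME
        zone = enclosing_zone(qname, zones)
    if zone is None:
        return "RECURSE"                       # not authoritative: ask upstream
    owner = qname[: -len(zone) - 1]            # name relative to the zone apex
    return zones[zone].get(owner, "NXDOMAIN")  # authoritative: no fallback

if __name__ == "__main__":
    for ip in ("193.158.67.67", "193.158.67.10"):
        print(ip, resolve_ptr(ip, WHOLE_24),
              resolve_ptr(ip, CLASSLESS, PARENT_CNAMES))
```

With the /24 zone, an address outside 64-71 gets an authoritative NXDOMAIN from the local server; with the classless child zone, the same query is not covered by any local zone and is resolved upstream.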