[Q] BIND secondary on RedHat 7.1

Bill Manning bmanning at ISI.EDU
Tue Oct 9 22:09:35 UTC 2001



	Yo, pawprint.  You do realize that you have a false sense
	of privacy here, don't you?  Think of how many people use
	the prefix 192.168.1.0/24.  It's huge. Hugely Huge.  And since
	many providers actually route RFC 1918 prefixes internal to
	their own networks, (like RoadRunner... :)  you have just
	"opened your kimono" to anyone/everyone inside the rr.com
	network to query & transfer your zones.  This may not have
	been what you expected.

YMMV

--bill

% 
% 
% What addresses do these "other machines" have? You're configured (the
% allow-query clause) to only allow queries from 192.168.1/24 and 127.0.0/24.
% 
% - Kevin
% 
% pawprint at NOSPAM.neo.rr.com wrote:
% 
% > I have a RedHat 7.1 server set up and am trying to configure BIND to be a
% > secondary DNS server for my internal domain while also forwarding queries for
% > outside servers to my ISP's name servers. If I use nslookup on the
% > RedHat server everything appears to be working fine, but the server does not
% > answer queries from other machines.  Named is starting up fine, appears to be
% > working fine from the server console, it just doesn't answer queries from
% > other machines.
% >
% > My primary nameserver is ISHMAEL at 192.168.1.2
% > The RedHat secondary is STARBUCK at 192.168.1.3 (this is the one that won't
% > answer queries).
% > The internal domain is savonarola.com
% >
% > my named.conf and resolv.conf files are below
% >
% > ## named.conf - configuration for bind
% > #
% > # Generated automatically by bindconf, alchemist et al.
% >
% > options {
% >         directory "/var/named/";
% >         forward first;
% >         forwarders {65.24.0.167; 65.24.0.166;};
% >         fetch-glue no;
% >         recursion no;
% >         allow-query { 192.168.1/24; 127.0.0/24; };
% >         allow-transfer { 192.168.1.2; };
% >         transfer-format many-answers;
% > };
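
An added example, not part of the original thread or of BIND: a small Python audit that lists the allow-query / allow-transfer / allow-recursion entries in a named.conf that admit clients purely by RFC 1918 source address, which is the false sense of privacy described in the reply above. The names parse_element and audit are hypothetical, the sample is constructed from the options block quoted in the thread, and only IPv4 elements are handled.

```python
import ipaddress
import re

# Constructed sample: the ACL-relevant lines of the options block quoted in this thread.
SAMPLE_CONF = """
options {
        forwarders {65.24.0.167; 65.24.0.166;};
        allow-query { 192.168.1/24; 127.0.0/24; };
        allow-transfer { 192.168.1.2; };
};
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ACL_CLAUSE = re.compile(r"\b(allow-(?:query|transfer|recursion))\s*\{([^}]*)\}")


def parse_element(text):
    """Parse one IPv4 address-match element; None for named ACLs, keys, etc."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,3})(?:/(\d+))?", text)
    if not m:
        return None
    # BIND accepts abbreviated prefixes (192.168.1/24): pad missing octets.
    octets = m.group(1).split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    prefix = m.group(2) or "32"  # a bare address is a single host
    try:
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    except ValueError:
        return None


def audit(conf):
    """Return (clause, network) pairs that admit clients by RFC 1918 source."""
    findings = []
    for clause, body in ACL_CLAUSE.findall(conf):
        for element in filter(None, (e.strip() for e in body.split(";"))):
            net = parse_element(element)
            if net is not None and any(net.subnet_of(r) for r in RFC1918):
                findings.append((clause, str(net)))
    return findings


if __name__ == "__main__":
    for clause, net in audit(SAMPLE_CONF):
        print(f"{clause}: {net} is RFC 1918 space, not unique to this site")
```

Each finding marks a clause where the only gate is an address that other networks also number from, so it is a candidate for an additional control that does not depend on source address.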

