[Q] BIND secondary on RedHat 7.1
Bill Manning
bmanning at ISI.EDU
Tue Oct 9 22:09:35 UTC 2001
Yo, pawprint. You do realize that you have a false sense
of privacy here, don't you? Think of how many people use
the prefix 192.168.1.0/24. It's huge. Hugely Huge. And since
many providers actually route RFC 1918 prefixes internal to
their own networks, (like RoadRunner... :) you have just
"opened your kimono" to anyone/everyone inside the rr.com
network to query & transfer your zones. This may not have
been what you expected.
YMMV
--bill
%
%
% What addresses do these "other machines" have? You're configured (the
% allow-query clause) to only allow queries from 192.168.1/24 and 127.0.0/24.
%
% - Kevin
%
% pawprint at NOSPAM.neo.rr.com wrote:
%
% > I have a RedHat 7.1 server set up and am trying to configure BIND to be a
% > secondary DNS server for my internal domain while also forwarding queries for
% > outside servers to my ISP's name servers. If I use nslookup on the
% > RedHat server everything appears to be working fine, but the server does not
% > answer queries from other machines. Named is starting up fine, appears to be
% > working fine from the server console, it just doesn't answer queries from
% > other machines.
% >
% > My primary nameserver is ISHMAEL at 192.168.1.2
% > The RedHat secondary is STARBUCK at 192.168.1.3 (this is the one that won't
% > answer queries).
% > The internal domain is savonarola.com
% >
% > my named.conf and resolv.conf files are below
% >
% > ## named.conf - configuration for bind
% > #
% > # Generated automatically by bindconf, alchemist et al.
% >
% > options {
% >     directory "/var/named/";
% >     forward first;
% >     forwarders {65.24.0.167; 65.24.0.166;};
% >     fetch-glue no;
% >     recursion no;
% >     allow-query { 192.168.1/24; 127.0.0/24; };
% >     allow-transfer { 192.168.1.2; };
% >     transfer-format many-answers;
% > };
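
Added example, not part of the original thread: a small Python check that expands the BIND shorthand prefixes in the quoted `allow-query` and `allow-transfer` lists, tests whether a given client address matches, and reports which entries are RFC 1918 space and therefore match any host numbered out of that prefix. The function names are hypothetical, and only plain IPv4 addresses and prefixes are handled (no named ACLs, keys or negation).

```python
import ipaddress
import re

# Constructed input: the two ACL clauses copied from the named.conf quoted above.
NAMED_CONF = """
allow-query { 192.168.1/24; 127.0.0/24; };
allow-transfer { 192.168.1.2; };
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_element(elem):
    """Expand one address-match element, e.g. '192.168.1/24' -> 192.168.1.0/24."""
    addr, _, plen = elem.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))   # BIND lets a prefix omit trailing zero octets
    prefix = plen or "32"                 # a bare address is a single host
    return ipaddress.ip_network(".".join(octets) + "/" + prefix, strict=False)


def acl(conf, clause):
    """Return the networks listed in the named clause (hypothetical helper)."""
    m = re.search(re.escape(clause) + r"\s*\{([^}]*)\}", conf)
    if not m:
        return []
    return [parse_element(e.strip()) for e in m.group(1).split(";") if e.strip()]


def permits(conf, clause, client):
    """True if the client source address matches any element of the clause."""
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in acl(conf, clause))


def non_unique(conf, clause):
    """Entries inside RFC 1918 space: not globally unique, so the ACL trusts
    every host that can reach the server with a source address in that range."""
    return [str(n) for n in acl(conf, clause)
            if any(n.subnet_of(r) for r in RFC1918)]


if __name__ == "__main__":
    for clause in ("allow-query", "allow-transfer"):
        print(clause, [str(n) for n in acl(NAMED_CONF, clause)],
              "RFC 1918:", non_unique(NAMED_CONF, clause))
    print("192.168.1.77 may query:", permits(NAMED_CONF, "allow-query", "192.168.1.77"))
```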