Re: DNS: configure bind9 to resolve only a certain IP-range

Mon, 23 Jun 2003 10:10:54 -0700

Arthur H. Johnson II wrote:

I guess I am not following what you are up to.  How have you installed
BIND, from apt or from source?

Itīs been installed from apt, using dselect, so itīs the standard debian package.

When I configure a nameserver, I usually allow it to do "caching"
nameserving.

In this case, the nameserver must also act as an authoritative server for our domain and the range of IPs weīve got.

you can retrieve db.root from ftp://ftp.internic.com.  Then configure your
zone files as you want them.

Ja, the default files from the bind-package are there, and Iīve added our own zone files. So far, everything works.

These zone files will override the hint
zone, so if you configure yahoo.com to resolve to 192.168.0.0 subnet, it
will override whatever yahoo publishes as their domain.

The zones Iīve added are as follows:


zone "condor-werke.com" {
        type master;
        notify no;
        file "/etc/bind/condor-werke.com";
};

zone "condor-werke.de" {
        type master;
        notify no;
        file "/etc/bind/condor-werke.de";
};

zone "67.158.193.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/193.158.67";
};

zone "100.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/192.168.100";
};


The zones for īcondor-werke.com/.deī are ok. As of yet, the DNS entries are handled otherwise, but this will be changed so that our own DNS server will handle them.

The problem is the zone "67.158.193.in-addr.arpa". Within that zone, the server must only reverse-resolve the IPs of our *own* IP-range (193.158.67.64--193.158.67.71). The zone file looks like that:


;
;       reverse condor-werke.com/.de
;
;
$TTL 86400

@       IN      SOA     stargate.condor-werke.com. root.condor-werke.com. (
                        200306230       ; serial
                        8H              ; refresh
                        2H              ; retry
                        1W              ; expire
                        1D )            ; minimum TTL

NS stargate.condor-werke.com.

64              PTR     uu64.condor-werke.com.
65              PTR     uu65.condor-werke.com.
66              PTR     uu66.condor-werke.com.

67 PTR stargate.condor-werke.com.

68              PTR     uu68.condor-werke.com.
69              PTR     uu69.condor-werke.com.
70              PTR     uu70.condor-werke.com.
71              PTR     uu71.condor-werke.com.


Having that zone, it seems to override anything thatīs between 193.158.67.0 and 193.158.67.255. This is what one would expect --- but itīs not what I need.

What I need is a way to restrict the above zone to *only* the IPs listed in the zone file, i. e. to the range of our own addresses. How can I do that?


GH



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to