On Fri, 2005-09-23 at 09:41 -0600, Michael Torrie wrote:
> On Thu, 2005-09-22 at 16:13 -0600, Corey Edwards wrote:
> > I'm doing that for a few zones, actually. The one caveat is that
> > subdomain.foo.example.com will *not* work. Generally speaking, that
> > shouldn't be a problem.
>
> I've figured out a way to do what I want to do. This is a horrible
> abuse of DNS, but it works. Basically I run the *.chem.byu.edu domain,
> but I also host a few sites like rexleerun.byu.edu and
> cancerresearch.byu.edu that are coming from my DMZ. The problem is that
> from inside my private network, due to translation issues, I cannot
> directly access the outside IP address that maps to the private ip
> address of the server inside my DMZ. So in order to give access to
> these sites for my users inside my private network, I have to intercept
> DNS requests for these sites and return the private IP address instead
> of the public one. So I ended up setting up an authoritative zone file
> for each of my hosted sites with just one entry in it. For example:
>
> $TTL 10800 ; 3 hours
> rexleerun.byu.edu. IN SOA ns1.chem.byu.edu. csr.chem.byu.edu. (
>                 1          ; serial
>                 10800      ; refresh (3 hours)
>                 3600       ; retry (1 hour)
>                 604800     ; expire (1 week)
>                 3600       ; minimum (1 hour)
>                 )
>         NS ns1.chem.byu.edu.
>
> $TTL 10800 ; 3 hours
> rexleerun.byu.edu. IN A 192.168.200.52
>
> This pretends that rexleerun.byu.edu is actually a DNS domain in its own
> right, but with only itself as the sole ip address in this domain.
>
> I have to make a separate zone for each of my hosted sites, but that's
> not too bad. Anything that is *.byu.edu passes through just fine, even
> *.cs.byu.edu or *.et.byu.edu.

Sounds just like the problem I was having which prompted me to figure
this out. It's been working fine for many months, so I expect it'll work
fine for you too.

> Thanks for suggesting this idea. With a little modification it works
> well for me. If you wanted to block yro.slashdot.org you could probably
> do something similar.

I want to block *all* of /. and in fact I have been. I went /. free cold
turkey and I highly recommend it to everyone.

Corey
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
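
The lookup behaviour discussed in this thread, modelled as an added example that is not part of either message: a server holding one-record override zones answers the exact name with the private address, returns NXDOMAIN for anything beneath that name (the caveat about subdomain.foo.example.com), and passes sibling names such as *.cs.byu.edu through. The function names and the second zone's address are assumptions made for illustration.

```python
# Added illustration (not from the thread): a simplified model of how a name
# server with per-host authoritative override zones classifies an A query.

# Constructed sample data: the first entry is the zone shown in the post,
# the second address is a made-up placeholder for the other hosted site.
OVERRIDE_ZONES = {
    "rexleerun.byu.edu.": "192.168.200.52",
    "cancerresearch.byu.edu.": "192.168.200.53",  # constructed value
}


def normalize(name):
    """Lower-case the name and make it fully qualified (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def enclosing_zone(qname, zones):
    """Return the longest override zone that qname equals or sits beneath."""
    labels = normalize(qname).split(".")  # ['www', 'byu', 'edu', '']
    for i in range(len(labels) - 1):      # longest candidate suffix first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def answer(qname, zones=OVERRIDE_ZONES):
    """Return ('A', ip), ('NXDOMAIN', zone) or ('FORWARD', None)."""
    zone = enclosing_zone(qname, zones)
    if zone is None:
        # Not inside any override zone: resolved the normal way, which is
        # why the rest of *.byu.edu keeps working.
        return ("FORWARD", None)
    if normalize(qname) == zone:
        # The single A record at the zone apex: the private address.
        return ("A", zones[zone])
    # The server is authoritative for the zone and the zone holds no such
    # name, so the real record outside is never consulted.
    return ("NXDOMAIN", zone)


if __name__ == "__main__":
    for q in ("rexleerun.byu.edu", "www.rexleerun.byu.edu", "www.cs.byu.edu"):
        print(q, "->", answer(q))
```
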
