salut
am un bind nameserver* configurat ca master pentru o zona definita intr-un view si
doresc ca, pentru interogarile care ajung la o inregistrare de tip
CNAME, serverul sa faca recursion
(adica sa-i fie comunicata clientului direct adresa ip). in acelasi timp
doresc ca recursion sa nu fie activat pentru view-ul in care am definit zona.

pentru asta am incercat urmatoarea configuratie de named.conf.
pentru a proteja clientul, ip-urile au fost inlocuite cu 1.1.1.1, iar
numele de domeniu cu domeniu.ro.

root@server:~# cat /etc/bind/named.conf /etc/bind/named.conf.options
/etc/bind/named.conf.local|egrep -v '^#|* $|^\/'
// NOTE(review): the listing is three files printed back to back by one cat
// command, so these include lines (presumably the body of named.conf) appear
// next to the content they pull in.
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
// Named address-match lists used by the statements below.
// "all": every IPv4 address; 0.0.0.0/0 lists no IPv6 prefix.
acl all { 0.0.0.0/0; };
// "query": the 192.168.1.0/24 network. It is used for allow-query,
// allow-recursion and as match-clients of view "intern".
acl query {  192.168.1.0/24; };
// "axfr": loopback only; used for allow-transfer.
acl axfr { 127.0.0.0/8; };
// Global defaults. A view or zone that does not set one of these itself
// uses the value given here.
options {
        directory "/var/cache/bind";
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        // Cache negative answers for at most 1 second.
        max-ncache-ttl 1;
        auth-nxdomain no;    # conform to RFC1035
        // Listen on every IPv4 interface; who gets an answer is decided by
        // the ACLs below and by the views.
        listen-on { any; };
        // Recursion is offered only to the "query" ACL (192.168.1.0/24).
        // Neither view overrides this, so clients that land in view "extern"
        // are not given recursion. Widening this to "all" would turn the
        // server into an open resolver that anyone on the Internet can use.
        allow-recursion { query; };
        // Default query ACL. Zone "domeniu.ro" in view "extern" overrides it
        // with its own allow-query { all; }.
        allow-query { query; };
        // Zone transfers are answered only for loopback addresses.
        allow-transfer { axfr; };
        // Text returned for version queries instead of the real BIND version.
        version "I/O error reading version";
        // "yes" is the documented default for both: when answering from
        // authoritative data, additional-section data and CNAME targets may
        // be filled in from other local zones and from the cache. Neither
        // option makes the server recurse for a client that is not allowed to.
        additional-from-auth yes;
        additional-from-cache yes;
};
logging {
// Send the lame-servers log category to the null channel (discarded).
category lame-servers { null; };
};
// NOTE(review): file not shown; presumably it defines the key "rndc-key"
// referenced below and in the allow-update statements.
include "/etc/bind/rndc.key";
// rndc control channel: bound to 127.0.0.1, accepted only from the built-in
// "localhost" ACL and only when authenticated with "rndc-key".
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
// View for clients in the "query" ACL (192.168.1.0/24). Views are tried in
// the order they appear, so this one is checked before "extern".
view "intern" {
    // NOTE(review): file not shown; presumably zone definitions for the
    // RFC 1918 reverse ranges -- confirm.
    include "/etc/bind/zones.rfc1918";
    match-clients { query; };
    // Internal version of the zone, served from its own data file.
    zone "domeniu.ro" {
        type master;
        file "db.domeniu.ro-intern";
        // Dynamic updates are accepted when signed with "rndc-key", the same
        // key name the controls statement accepts for rndc. A dedicated
        // update key would keep the two privileges separate.
        allow-update { key "rndc-key"; };
    };
    // Reverse zone for 192.168.1.0/24; NOTIFY messages are switched off.
    zone "1.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "db.1.168.192";
        // Same shared key as above is accepted for dynamic updates here.
        allow-update { key "rndc-key"; };
    };
    // Root hints; in this listing only the "intern" view declares them.
    zone "." { type hint; file "/etc/bind/db.root"; };
    // Local zones for localhost and the loopback / broadcast reverse ranges.
    zone "localhost" { type master; file "/etc/bind/db.local"; };
    zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
    zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
    zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
};
// Catch-all view: match-clients { all; } takes every IPv4 client that did
// not match "intern" above. The view sets no recursion or allow-recursion
// of its own, so the global allow-recursion { query; } applies and these
// clients get authoritative answers only. That is consistent with the
// REFUSED replies for www.google.com in the host output further down.
view "extern" {
    // NOTE(review): file not shown; presumably zone definitions for the
    // RFC 1918 reverse ranges -- confirm.
    include "/etc/bind/zones.rfc1918";
    match-clients { all; };
    // External version of the zone, served from its own data file.
    zone "domeniu.ro" {
        type master;
        file "db.domeniu.ro-extern";
        // Overrides the global allow-query { query; } for this zone only,
        // so any client may query names inside domeniu.ro.
        allow-query { all; };
    };
};

root@domeniu:~# cat /var/cache/bind/db.domeniu.ro-extern
; External data for domeniu.ro (file db.domeniu.ro-extern).
$ORIGIN domeniu.ro.
; Default TTL for records without an explicit one: 86400 s (1 day).
$TTL 86400
; SOA: primary server auth02.ns.de.uu.net., contact mailbox yp.domeniu.de.
; NOTE(review): the mailbox name ends in .de while the zone is domeniu.ro;
; possibly an artefact of the anonymisation -- confirm.
@       SOA     auth02.ns.de.uu.net.    yp.domeniu.de.  (
    2011101901 ; serial
    21600      ; refresh after 6 hours
    3600       ; retry after 1 hour
    604800     ; expire after 1 week
    86400 )    ; minimum TTL of 1 day

; Apex records: mail exchanger, address and the two delegated name servers.
@                       MX 10   mx.domeniu.ro.
@                       A       1.1.1.1
@                       NS      auth52.ns.de.uu.net.
@                       NS      auth02.ns.de.uu.net.
mail                    A       1.1.1.1
www                     A       1.1.1.1
mx                      A       1.1.1.1
; Alias whose target lies outside this zone. The server is authoritative
; only for the CNAME itself; the address of www.google.com. has to be looked
; up by the client's own resolver, or by recursion, which the configuration
; above does not grant to external clients.
test10                  CNAME   www.google.com.

cind interoghez ip-ul serverului de la un ip extern, raspunsul e urmatorul:

root@statie:~# host test10.domeniu.ro ip-ul-named-ului
Using domain server:
Name: ip-ul-named-ului
Address: 82.76.154.100#53
Aliases:

test10.domeniu.ro is an alias for www.google.com.
Host www.google.com not found: 5(REFUSED)
Host www.google.com not found: 5(REFUSED)

Ce trebuie modificat astfel incit sa imi faca si recursion, dar doar
pentru acel out-of-zone record?

*ii  bind9                             1:9.6.ESV.R4+dfsg-0+lenny3
Internet Domain Name Server