RE: CNAME only zone?

[Dixon, Justin]

 Also note that other workarounds will solve the same problem in a
better
 way.
 
 Care to enlighten me as to what those workarounds would be?


If all the use cases for the CNAME are for http traffic, just configure
an http server/load balancer/etc. under your control to return a 302 or
301 redirect back to the client browser and you maintain control if
needs change in the future.

1. Point DNS A record for shop4water.com to an IP of a webserver under
your control...
2. Use insert your favorite webserver here (using URL Rewrite rules,
perl, etc.) to send a redirect back to the browser to direct them to the
shop4water.hostedbywebstore.com URL.

Depending on whether you want to preserve the URL or not can vary the
type of redirects that you will be configuring but that is fairly simple
to setup on a variety of well known http servers.



 
 Also - why is it a registrar can do a CNAME only but we mere mortals
 can't?  In fact documentation from Amazon (it is apparently their web
 store I've since learned) suggests doing it at registrar so I'll
probably
 go that route but I'm wondering why it should work there but not on
one of
 my delegated name servers.
 
 
 
 
 
 -Original Message-
 From: bind-users-bounces+jlightner=water@lists.isc.org
[mailto:bind-
 users-bounces+jlightner=water@lists.isc.org] On Behalf Of
/dev/rob0
 Sent: Friday, December 09, 2011 12:41 PM
 To: bind-users@lists.isc.org
 Subject: Re: CNAME only zone?
 
 On Friday 09 December 2011 10:25:36 Lightner, Jeff wrote:
  Is it possible to create a zone file that only contains a CNAME?
 
 As already answered, no.
 
  The request I got is to create a CNAME to point shop4water.com to
  shop4water.hostedbywebtstore.com.
 
 You can ask your registrar if they can/will do this in the parent
 com. zone. I have seen ugliness of this type from either Network
 Solutions or register.com before, not sure which.
 
  We own shop4water.com - hostedbywebstore.com is something external
  that we don't own.
 
 Do note that hostedbywebtstore is not the same as hostedbywebstore;
 we're sticklers for precise spelling.
 
 Also note that other workarounds will solve the same problem in a
 better way.
 --
 Offlist mail to this address is discarded unless
 /dev/rob0 or not-spam is in Subject: header
 ___
 Please visit https://lists.isc.org/mailman/listinfo/bind-users to
 unsubscribe from this list
 
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users
 
 
 
 
 Athena(r), Created for the Cause(tm)
 Making a Difference in the Fight Against Breast Cancer
 
 -
 CONFIDENTIALITY NOTICE: This e-mail may contain privileged or
confidential
 information and is for the sole use of the intended recipient(s). If
you
 are not the intended recipient, any disclosure, copying, distribution,
or
 use of the contents of this information is prohibited and may be
unlawful.
 If you have received this electronic transmission in error, please
reply
 immediately to the sender that you have received the message in error,
and
 delete it. Thank you.
 --
 
 ___
 Please visit https://lists.isc.org/mailman/listinfo/bind-users to
 unsubscribe from this list
 
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Script-kiddie / client IP query (cache) 'host/MX/IN' denied

[Dixon, Justin]

 I would like to know if I can block hosts doing that at the level of
 /etc/hosts.allow or should I do it at the level of Bind itself ?
 Use IPTables or add rules to your firewall. I don't believe that BIND
 pays any attention to /etc/hosts.allow

BIND has a blackhole option that will essentially perform the same
function...BIND will not even respond to IPs that are listed in the
blackhole statement in named.conf.

Check the BIND ARM for details on blackhole.

Thanks...

Justin Dixon

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: how to ignore external queries?

[Dixon, Justin]

This is an external option. Still good one, for sure.
I was just thinking if there is a way to do it on BIND options.

Thank you,
Julian




See the documentation on using the blackhole option in the BIND ARM

blackhole Specifies a list of addresses that the server will not accept
queries from or use to resolve a
query. Queries from these addresses will not be responded to. The
default is none.

http://www.isc.org/files/Bv9.6ARM.pdf


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: New BIND server

[Dixon, Justin]

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Hello BIND users,

 

I have setup a new Ubuntu 9.04 server with BIND9.

 

I have looked at a few tutorial and how to's like this one:

https://help.ubuntu.com/community/BIND9ServerHowto

 

but would like to get your tips and tricks to secure your BIND servers
before putting it into production.

 

Thanks,

 

Neosys

 

 

 

Aside from standard OS level hardening that should have already been
done, I would recommend looking over the following:

 

http://www.cymru.com/Documents/secure-bind-template.html

 

Thanks...

Justin

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Dual home DNS

[Dixon, Justin]

Hi,

We have two sets of customer IP ranges, for example first one is
10.0.0.0 and second one is 20.0.0.0

I want to know is it possible that I have one DNS Server with two IP
addresses in each range and whenever a client from 10.0.0.0 range send a
DNS query, my DNS server uses it's 10.0.0.0 IP to send a recursive query
out to resolve the address and vice versa?

 

Thanks in advance 

Nasser

 

See BIND ARM and/or the FAQ at www.isc.org http://www.isc.org/ . Read
the sections on views and query-source specifically.

 

Justin Dixon

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users