On Tue, Aug 30, 2005 at 08:56:13AM +1000, Richard Luckhurst ([EMAIL PROTECTED]) wrote: > Thanks James
[snip] > Have a look at the bind 9 admin reference: > > http://www.nominum.com/content/documents/bind9arm.pdf > specifically sections 6.2.19 and 6.2.20 (page 80). > In the example below note that: * directory is the root of the named tree * "data" is SUB directory of the directory statement in the options section * forwarders is what the ISP has given to you * version is a later thing so people cant find out whether you have a buggy bind * in the internal you must set recursion to yes * in the external you must set recursion to no * observe the "match-clients" statement, VERY important. * make sure that for the domains YOU ARE responsible to set forwarders to nothing!!!!!! * the forwarders statement in the options section is only for your *INTERNAL* network to recurse to the next DNS server (your isp) in case your DNS server does not have it in cache! ---------------------------------------------------------- example acl "internal" { localhost; 192.168.0.0/16; }; options { directory "/var/named"; forwarders { YOUR_UPSTREAM_ISP_DNS_SERVER(s); }; query-source port 53; version "Not_Disclosed"; }; view "internal" { match-clients { "internal"; }; recursion yes; zone "." { type hint; file "root.hints"; }; zone "YOURDOMAIN"{ type master; file "data/YOURDOMAIN.internal"; forwarders {}; allow-update { localhost; }; }; }; view "external" { match-clients { any; }; recursion no; zone "." { type hint; file "root.hints"; }; zone "YOURDOMAIN"{ type master; file "data/YOURDOMAIN.external"; forwarders {}; allow-update { localhost; }; }; } -- Don't rejoice in his defeat, You men. For though the world stood up and stopped the Bastard, the Bitch that bore him is in heat again. - Bertold Brecht. __, Jobst Schmalenbach, Technical Director _ _.--'-n_/ Barrett Consulting Group P/L & The Meditation Room P/L -(_)------(_)= +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
