Date:      Tue, 27 Mar 2001 15:42:52 +0200
From:      "Karsten W. Rohrbach" <karsten@rohrbach.de>
To:        Murray Taylor <mtaylor@bytecraft.com.au>
Cc:        "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>, "'freebsd-hackers@freebsd.org'" <freebsd-hackers@freebsd.org>
Subject:   Re: DNS rules etc
Message-ID:  <20010327154252.C20645@rohrbach.de>
In-Reply-To: <710709BB8B02D311942E0060674418105442A8@MELEXC01>; from mtaylor@bytecraft.com.au on Tue, Mar 27, 2001 at 02:48:22PM +1000
References:  <710709BB8B02D311942E0060674418105442A8@MELEXC01>

cd /usr/ports/net/djbdns && make install clean
then read the docs for dnscache and dnscache-conf at
http://cr.yp.to/djbdns.html
I use tinydns and axfrdns here for my name services to replace bind,
dnscache to screen out requests and to mux several other dns servers and
bind boxes into one request scenario. very modular, lots of processes,
but better than bind. drawback: no IPv6 support, but I don't really care
about binding dns to IPv6 at the moment.
the dnscache configurations are different for external requests (binds
to ethernet ip) and local requests (127.53.0.1 alias on lo0) that have
different cachesize and mapin config.
/k

Murray Taylor(mtaylor@bytecraft.com.au)@Tue, Mar 27, 2001 at 02:48:22PM +1000:
> Help!!!!
> I've got the frame relay working, and am waiting now for 
> some network delegation stuff external to me to complete.
> However I need to know if it is possible to use DNS
> as detailed below to allow the host spyder be visible to the
> Internet and our intranet, without polluting the nameservers.
> 
> Given
> 
> 
> 139.130.142.1  (Telstra end)
> 	|
> 	|
>       |                  spyder
>       | frame relay    +--------+
>       | point to point |        |
>       +----------------|ng0     |
>         139.130.142.13 |        |
>                        |        | 10.1.2.30
>                        |    fxp0|---------------+
>                        |        | 203.39.118.1  |
>                        |FreeBSD |               |
>                        |  4.3   |               |
>                        +--------+               |
>                                                 |
>                                                 |
>                                                 |
>            other 10.1.x.y hosts  ---------------+
> 
> 10.1.x.y hosts are allocated addresses via DHCP from an NT server
> 
> Can I set up DNS rules (such as the commented out zones below)
> so that hosts on the internal network can access spyder on
> 10.1.2.30, WITHOUT propagating 10. numbers out to the Internet
> The two zones in question have their zone and reverse file at
> the tail of this email
> 
> cheers
> Murray Taylor
> Project Engineer
> 
> Bytecraft P/L	+61 3 9587 2555
> 		+61 3 9587 1614 fax
> 		mtaylor@bytecraft.com.au
> 
> ps I will check the mail-list from home tonight, but
> if there is a quick answer, please email directly also
> mjt
> 
> 
> 
> == output of netstat -nr ======================================
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags     Refs     Use     Netif
> Expire
> default            139.130.142.1      UGSc        7        0      ng0
> 10.0.0.2           10.0.0.1           UH          0        0     tun0
> 10.1/16            link#1             UC          0        0     fxp0 =>
> 10.1.2.3           0:0:f8:1e:ad:9e    UHLW        1       56     fxp0   1137
> 10.1.2.4           0:60:67:70:af:22   UHLW        0       91     fxp0    939
> 10.1.2.7           0:60:67:70:ac:4e   UHLW        0       75     fxp0   1142
> 10.1.2.30          0:50:8b:f1:de:df   UHLW        1   223687      lo0
> 10.1.2.46          0:10:a4:ff:b4:c6   UHLW        0        1     fxp0   1188
> 10.1.2.47          0:0:4c:33:d8:cd    UHLW        1       32     fxp0   1052
> 10.1.2.78          0:0:4c:ed:78:5e    UHLW        1      189     fxp0   1194
> 10.1.2.129         0:10:5a:81:b0:30   UHLW        1      136     fxp0   1037
> 10.1.255.255       ff:ff:ff:ff:ff:ff  UHLWb       2       60     fxp0
> 127.0.0.1          127.0.0.1          UH          1      495      lo0
> 139.130.142.1      139.130.142.13     UH          8      124      ng0
> 203.39.118/26      link#1             UC          0        0     fxp0 =>
> 203.39.118.1       0:50:8b:f1:de:df   UHLW        1    63909      lo0
> 
> == named.conf =================================================
> //  bytecraft.au.com  etc
> //  2001032701  mjt
> 
> options {
> 	directory "/etc/namedb";
> };
> // end of options
> 
> 
> zone "bytecraft.au.com" in {
> 	type master;
> 	file "db.byte-au-com";
> };
> 
> zone "bytecraftentertainment.com" in {
> 	type master;
> 	file "db.byteent-com";
> };
> 
> zone "bytecraftsystems.com" in {
> 	type master;
> 	file "db.bytesys-com";
> };
> 
> zone "118.39.203.in-addr.arpa" {
> 	type master;
> 	file "db.203.39.118";
> };
> 
> // desired restricted zone
> // dont allow outsiders to query it, or transfer it
> 
> //zone "2.1.10.in-addr.arpa" {
> //	notify no;
> //	type master;
> //	file "db.10.1.2";
> //	allow-query {
> //		127.0.0.1/32; 10.1.0.0/16;
> //	};
> //	allow-transfer {
> //		127.0.0.1/32; 10.1.0.0/16;
> //	};
> //};
> 
> //zone "byteinternal" in {
> //	type master;
> //	file "db.byteint";
> //	allow-query {
> //		127.0.0.1/32; 10.1.0.0/16;
> //	};
> //	allow-transfer {
> //		127.0.0.1/32; 10.1.0.0/16;
> //	};
> //};
> 
> 
> 
> zone "." {
> 	type hint;
> 	file "named.root";
> };
> 
> zone "0.0.127.IN-ADDR.ARPA" {
> 	type master;
> 	file "localhost.rev";
> };
> 
> === db.byte-au-com ================================================
> $TTL  86400
> bytecraft.au.com. IN SOA spyder.bytecraft.au.com.
> root.spyder.bytecraft.au.com. (
> 	2001032701	; serial no
> 	10800		; refresh after 3 hours
> 	3600		; retry after 1 hour
> 	604800		; expire after 1 week
> 	86400 )		; minimum TTL of 1 day
> 
> ; nameserver entry
> bytecraft.au.com.		IN NS	spyder.bytecraft.au.com.
> 				IN NS	ns1.telstra.net.
> ; mail server entry
> bytecraft.au.com.		IN	MX 5	mail.bytecraft.au.com.
> 
> ; A records  -  Address mapping
> localhost.bytecraft.au.com.	IN A	127.0.0.1
> spyder.bytecraft.au.com.	IN A	203.39.118.1
> 
> ; C records  -  Aliases
> www.bytecraft.au.com.		IN CNAME	spyder.bytecraft.au.com.
> entertainment.bytecraft.au.com.	IN CNAME 	spyder.bytecraft.au.com.
> systems.bytecraft.au.com.	IN CNAME	spyder.bytecraft.au.com.
> mail.bytecraft.au.com.		IN CNAME	spyder.bytecraft.au.com.
> 
> == db.byteent-com =================================================
> $TTL  86400
> bytecraftentertainment.com. IN SOA spyder.bytecraft.au.com.
> root.spyder.bytecraft.au.com. (
> 	2001032701	; serial no
> 	10800		; refresh after 3 hours
> 	3600		; retry after 1 hour
> 	604800		; expire after 1 week
> 	86400 )		; minimum TTL of 1 day
> 
> ; nameserver entry
> bytecraftentertainment.com.	IN NS	spyder.bytecraft.au.com.
> 				IN NS	ns1.telstra.net.
> 
> ; mail server entry
> bytecraftentertainment.com.	IN MX 5	mail.bytecraft.au.com.
> 
> ; A records  -  Address mapping
> ;www.bytecraftentertainment.com.	IN A	203.39.118.1
> 
> ; C records  -  Aliases
> www.bytecraftentertainment.com.  IN CNAME	spyder.bytecraft.au.com.
> 
> == db.bytesys-com =================================================
> $TTL  86400
> bytecraftsystems.com. IN SOA spyder.bytecraft.au.com.
> root.spyder.bytecraft.au.com. (
> 	2001032701	; serial no
> 	10800		; refresh after 3 hours
> 	3600		; retry after 1 hour
> 	604800		; expire after 1 week
> 	86400 )		; minimum TTL of 1 day
> 
> ; nameserver entry
> bytecraftsystems.com.	IN NS	spyder.bytecraft.au.com.
> 			IN NS	ns1.telstra.net.
> 
> ; mail server entry
> bytecraftsystems.com.	IN	MX 5	mail.bytecraft.au.com.
> 
> ; A records  -  Address mapping
> ;www.bytecraftsystems.com.	IN A	203.39.118.1
> 
> ; C records  -  Aliases
> www.bytecraftsystems.com.	IN CNAME	spyder.bytecraft.au.com.
> 
> == db.203.39.118 =================================================
> $TTL 86400
> 118.39.203.in-addr.arpa. IN SOA spyder.bytecraft.au.com.
> root.spyder.bytecraft.au.com. (
> 	2001032701	; serial no
> 	10800		; refresh after 3 hours
> 	3600		; retry after 1 hour
> 	604800		; expire after 1 week
> 	86400 )		; minimum TTL of 1 day
> 
> ; nameservers
> 118.39.203.in-addr.arpa.		IN NS	spyder.bytecraft.au.com.
> 
> ; address reverse mapping
> 1.118.39.203.in-addr.arpa.	IN PTR	spyder.bytecraft.au.com.
> 
> == localhost.rev =================================================
> ;	From: @(#)localhost.rev	5.1 (Berkeley) 6/30/90
> ; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.6 2000/01/10 15:31:40
> peter Exp $
> ;
> ; This file is automatically edited by the `make-localhost' script in
> ; the /etc/namedb directory.
> ;
> 
> $TTL	3600
> 
> @	IN	SOA	spyder.bytecraft.au.com.
> root.spyder.bytecraft.au.com.  (
> 				20010223	; Serial
> 				3600	; Refresh
> 				900	; Retry
> 				3600000	; Expire
> 				3600 )	; Minimum
> 	IN	NS	spyder.bytecraft.au.com.
> 1	IN	PTR	localhost.bytecraft.au.com.
> 
> == db.10.1.2 ======= not called by named.conf ================
> $TTL 86400
> 2.1.10.in-addr.arpa. IN SOA spyder.bytecraft.au.com.
> root.spyder.bytecraft.au.com. (
> 	2001032102	; serial no
> 	10800		; refresh after 3 hours
> 	3600		; retry after 1 hour
> 	604800		; expire after 1 week
> 	86400 )		; minimum TTL of 1 day
> 
> ; nameservers
> 2.1.10.in-addr.arpa.		IN NS	spyder.bytecraft.au.com.
> 
> ; address reverse mapping
> 2.2.1.10.in-addr.arpa.		IN PTR  melcms01.bytecraft.au.com.
> 4.2.1.10.in-addr.arpa.		IN PTR  melcms02.bytecraft.au.com.
> 6.2.1.10.in-addr.arpa.		IN PTR  melcms03.bytecraft.au.com.
> 30.2.1.10.in-addr.arpa.		IN PTR	spyder.bytecraft.au.com.
> 32.2.1.10.in-addr.arpa.		IN PTR	grunt.bytecraft.au.com.
> 109.2.1.10.in-addr.arpa.	IN PTR  melcms04.bytecraft.au.com.
> ; there are a lot of others with DHCP addresses assigned
> ; ?????
> 
> == db.bytint ======= not called by named.conf ================
> $TTL  86400
> bytecraft.au.com. IN SOA spyder.bytecraft.au.com.
> root.spyder.bytecraft.au.com. (
> 	2001032701	; serial no
> 	10800		; refresh after 3 hours
> 	3600		; retry after 1 hour
> 	604800		; expire after 1 week
> 	86400 )		; minimum TTL of 1 day
> 
> ; nameserver entry
> bytecraft.au.com.		IN NS	spyder.bytecraft.au.com.
> 				IN NS	ns1.telstra.net.
> ; mail server entry
> bytecraft.au.com.		IN	MX 5	mail.bytecraft.au.com.
> 
> ; A records  -  Address mapping
> localhost.bytecraft.au.com.	IN A	127.0.0.1
> spyder.bytecraft.au.com.	IN A	10.1.2.30
> melcms01.bytecraft.au.com.	IN A	10.1.2.2
> melcms02.bytecraft.au.com.	IN A	10.1.2.4
> melcms03.bytecraft.au.com.	IN A	10.1.2.6
> melcms04.bytecraft.au.com.	IN A	10.1.2.109
> grunt.bytecraft.au.com.		IN A	10.1.2.32
> 
> ; C records  -  Aliases
> www.bytecraft.au.com.		IN CNAME	spyder.bytecraft.au.com.
> entertainment.bytecraft.au.com.	IN CNAME 	spyder.bytecraft.au.com.
> systems.bytecraft.au.com.	IN CNAME	spyder.bytecraft.au.com.
> mail.bytecraft.au.com.		IN CNAME	spyder.bytecraft.au.com.
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message

-- 
> "It says he made us all to be just like him.  So if we're dumb, then
> god is dumb, and maybe even a little ugly on the side." -- Frank Zappa
KR433/KR11-RIPE -- http://www.webmonster.de -- ftp://ftp.webmonster.de
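The question in this thread is how to serve the 10.1.x.y records to the intranet without leaking them to the Internet, and the commented-out zones show the intended control: an allow-query list limited to loopback and 10.1.0.0/16. The following is an added example, written for this page and not code from either poster, BIND or djbdns. It is a small Python checker that reads a named.conf and its zone files and reports every active zone that would answer arbitrary clients with RFC 1918 data, either an A record inside 10/8, 172.16/12 or 192.168/16 or a reverse zone covering such space, unless the zone's allow-query admits only loopback and private networks. The named.conf and zone files in the block are constructed, modelled on the quoted ones; the "byteinternal" zone with its ACL omitted and the "3.1.10.in-addr.arpa" zone are hypothetical, invented so the checker has something to catch. Named ACL references and views are not parsed and are treated as open.

```python
import ipaddress
import re

# RFC 1918 space: the "10. numbers" that must not be served to the Internet.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def is_private_addr(addr):
    """True if addr is an IPv4 address inside RFC 1918 space."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in n for n in PRIVATE_NETS)


def acl_entry_is_internal(entry):
    """True if an allow-query entry admits only loopback or RFC 1918 clients."""
    if entry in ("localhost", "localnets", "none"):
        return True
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:      # "any" or a named ACL we cannot see: treat as open
        return False
    return net.version == 4 and (net.subnet_of(LOOPBACK)
                                 or any(net.subnet_of(p) for p in PRIVATE_NETS))


def parse_named_conf(text):
    """Return {zone: {"file": name, "allow_query": [entries] or None}} for every
    zone stanza that is not commented out with //."""
    stripped = re.sub(r"//[^\n]*", "", text)
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"', stripped):
        start = stripped.index("{", m.end())
        depth, i = 0, start
        while True:                     # walk to the brace closing this stanza
            if stripped[i] == "{":
                depth += 1
            elif stripped[i] == "}":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        body = stripped[start + 1:i]
        f = re.search(r'file\s+"([^"]+)"', body)
        aq = re.search(r"allow-query\s*\{([^}]*)\}", body)
        acl = [e.strip() for e in aq.group(1).split(";") if e.strip()] if aq else None
        zones[m.group(1).lower()] = {"file": f.group(1) if f else None,
                                     "allow_query": acl}
    return zones


def a_records(zone_text):
    """Yield (owner, address) for each A record; ';' comments are ignored."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = re.match(r"(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)$", line, re.I)
        if m:
            yield m.group(1), m.group(2)


def reverse_zone_network(zone):
    """Map 2.1.10.in-addr.arpa to 10.1.2.0/24; None for forward zones."""
    labels = zone.lower().rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    octets = labels[:-2][::-1]
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() for o in octets):
        return None
    prefix = 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(octets), prefix))


def find_leaks(named_conf, zone_files):
    """Return (zone, owner, address) for RFC 1918 data in zones any client may query."""
    findings = []
    for zone, cfg in parse_named_conf(named_conf).items():
        acl = cfg["allow_query"]
        if acl is not None and all(acl_entry_is_internal(e) for e in acl):
            continue                    # restricted to loopback/private clients
        net = reverse_zone_network(zone)
        if net is not None and any(net.subnet_of(p) for p in PRIVATE_NETS):
            findings.append((zone, zone, str(net)))
        text = zone_files.get(cfg["file"])
        if text is not None:
            for owner, addr in a_records(text):
                if is_private_addr(addr):
                    findings.append((zone, owner, addr))
    return findings


# Constructed named.conf modelled on the quoted one.  "byteinternal" has its
# allow-query left out (the mistake to catch); "3.1.10.in-addr.arpa" is invented.
NAMED_CONF = """
options { directory "/etc/namedb"; };
zone "bytecraft.au.com" in { type master; file "db.byte-au-com"; };
zone "2.1.10.in-addr.arpa" {
    type master; file "db.10.1.2";
    allow-query { 127.0.0.1/32; 10.1.0.0/16; };
};
zone "byteinternal" in { type master; file "db.byteint"; };   // ACL forgotten
zone "3.1.10.in-addr.arpa" { type master; file "db.10.1.3"; };
//zone "old" in { type master; file "db.old"; };
"""

ZONE_FILES = {   # constructed zone files, a few records each
    "db.byte-au-com": """$TTL 86400
spyder.bytecraft.au.com.     IN A     203.39.118.1
localhost.bytecraft.au.com.  IN A     127.0.0.1
www.bytecraft.au.com.        IN CNAME spyder.bytecraft.au.com.
""",
    "db.10.1.2": "30.2.1.10.in-addr.arpa.  IN PTR spyder.bytecraft.au.com.\n",
    "db.byteint": """spyder.bytecraft.au.com.  IN A  10.1.2.30   ; internal address
grunt.bytecraft.au.com.   IN A  10.1.2.32
""",
}

if __name__ == "__main__":
    for zone, owner, addr in find_leaks(NAMED_CONF, ZONE_FILES):
        print("zone %s serves private data to any client: %s -> %s" % (zone, owner, addr))
```

Run against the constructed input it reports the two internal A records in "byteinternal" and the unrestricted 10.1.3.0/24 reverse zone, and stays quiet about "2.1.10.in-addr.arpa", whose allow-query matches the commented-out stanza in the question. The public zone passes because 203.39.118.1 and 127.0.0.1 are outside RFC 1918 space. The check only sees what is in the files: an unrestricted zone behind a packet filter that blocks port 53 from outside is still flagged, which is the conservative outcome.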