Re: NetReg: Selective DNS Forwarding As a Method to Allow Self-Help From Quarantine Networks--BIND Configuration


From: Jeff A. Earickson (jaearick@colby.edu)
Date: Wed Jul 14 2004 - 11:58:41 CDT


Hi,
    I too am jumping on this bandwagon -- unfortunately the wagon refuses
to go where I want. My netreg system with the fake DNS setup (137.146.214.50)
has the following in its boot file, after the options declarations:

zone "msft.com" {
     type forward;
     forwarders { 137.146.210.51; };
};

#---the root of this domain is our bogus netreg info
zone "." {
     type master;
     file "primary/fake-root-for-netreg";
};

Where 137.146.210.51 is our real DNS secondary/forwarder. When I do

dig @137.146.214.50 www.colby.edu
or
dig @137.146.214.50 www.msft.com

I get back the answer "137.146.214.50" for both. The forwarding for
msft.com doesn't happen. I too only want three DNS boxes in my picture:
(a) my real primary, (b) my real secondary/forwarder 137.146.210.51, (c)
my netreg box with the fake DNS stub plus selected zones like msft.com.

I've tried views but that didn't help either. Any ideas?

Jeff Earickson
Colby College

On Wed, 14 Jul 2004, Robert Lowe wrote:

> Date: Wed, 14 Jul 2004 10:18:31 -0500
> From: Robert Lowe <Robert.H.Lowe@lawrence.edu>
> Reply-To: netreg@southwestern.edu
> To: netreg@southwestern.edu
> Subject: Re: NetReg: Selective DNS Forwarding As a Method to Allow Self-Help
> From Quarantine Networks--BIND Configuration
>
> Ricardo Stella wrote:
>
>> I've been playing yesterday with selective DNS forwarding...
>>
>> The problem with the suggestion presented, is that you'll really be
>> running four DNS servers:
>>
>> a) NetReg with selective forwarding
>> b) Dummy DNS (like the standard NetReg dummy one)
>> c) Primary
>> d) Secondary
>>
>> (You could say three, but not running a secondary ???)
>>
>> I need to simplify this down to 'TWO'. That is, Primary and Sec. The
>> only way would be to use views.
>>
>> I did manage to get this down to three boxes. That is, a) and b) are
>> both running on the same NetReg box, each listening on a different
>> interface. But I should be able to run this directly on the existing
>> DNS servers with views.
>>
>> Any ideas on how to accomplish this?
>
> First, a and b are the same thing. Master or slave zones of any type
> (in this case they are forward zones) are referenced first. After that,
> the root hints are consulted, and this is where the "default" answer
> pointing to your NetReg box comes from. So a and b do not require
> separate instances of named.
>
> Second, unless you use multiple network interfaces, you do not want to
> run one of your production DNS servers there, because you mark the
> nameserver on that address as bogus.
>
> You should have at *least* two nameservers, even if you have offsite
> slaves. So why not run a+b on your NetReg box, and leave your other
> two nameservers alone?
>
> -Robert
>
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
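As an added example, not taken from the thread: one named.conf (BIND 9 syntax) that does what Ricardo asked for and Robert described, serving the quarantine network and the production network from a single instance of named by using views, with the selective forward zones matched ahead of the bogus root. The NetReg address 137.146.214.50, the forwarder 137.146.210.51 and the file primary/fake-root-for-netreg come from the posts above; the quarantine subnet 10.99.0.0/16, the windowsupdate.com zone, the colby.edu zone file and the root hints path are assumptions.

```conf
// Two views in one instance of named; the first view whose match-clients
// matches the querier wins, so the quarantine view must come first.
acl quarantine { 10.99.0.0/16; };   // assumed quarantine subnet

view "quarantine" {
    match-clients { quarantine; };
    recursion yes;

    // Zones a quarantined host may reach for self-help. A forward zone is
    // more specific than "." and is matched first (Robert's point above).
    // "forward only" is deliberate: with the default "forward first", a
    // forwarder that fails to answer makes named fall back to ordinary
    // resolution, which on this server ends at the fake root and silently
    // returns the NetReg address instead of SERVFAIL. If a client still
    // gets 137.146.214.50 for www.msft.com, check that 137.146.210.51
    // accepts recursive queries from this server's own address.
    zone "msft.com" {
        type forward;
        forward only;
        forwarders { 137.146.210.51; };
    };
    zone "windowsupdate.com" {          // assumed additional self-help zone
        type forward;
        forward only;
        forwarders { 137.146.210.51; };
    };

    // Everything else: the bogus root from the original post, which
    // answers every other name with the NetReg address.
    zone "." {
        type master;
        file "primary/fake-root-for-netreg";
    };
};

view "production" {
    match-clients { any; };
    recursion yes;
    zone "." {
        type hint;
        file "named.root";              // real root hints (assumed path)
    };
    zone "colby.edu" {                  // assumed: the real zone data
        type master;
        file "primary/colby.edu";
    };
};
```

After reloading, repeat the two dig queries from the original post once from a quarantine address and once from a production address; only the quarantine view should return 137.146.214.50 for www.colby.edu, and neither should return it for www.msft.com.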



This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:46 CDT