BIND problem
Steve
smorrey at gmail.com
Fri Sep 23 01:57:40 MDT 2005
Corey Edwards wrote:
>On Thu, 2005-09-22 at 23:04 -0600, Michael Torrie wrote:
>
>
>>On Thu, 2005-09-22 at 21:22 -0600, Corey Edwards wrote:
>>
>>
>>>Sorry, that really is pretty ambiguous. I meant that anything in
>>>subdomain.foo.example.com won't resolve to the normal address. I started
>>>thinking about it and I wasn't sure why that is, so I ran a few tests.
>>>One of the domains that I forge is slashdot.org. As expected,
>>>yro.slashdot.org won't resolve on my box. Yay! That's because Bind
>>>believes it is authoritative for the whole *.slashdot.org zone, so
>>>anything not listed doesn't exist. foo.bar.yro.slashdot.org doesn't work
>>>either.
>>>
>>>
>>That's not good for me then. Darn it.
>>
>>
>
>Here's something you can do:
>
>$TTL 3D
>$ORIGIN org.
>slashdot IN SOA slashdot.org. hostmaster.slashdot.org. (
> 2005092101 ; Serial
> 1H ; Refresh - 8h
> 1H ; Retry - 2h
> 4W ; Expire - 4w
> 1H ; Negative Cache TTL - 1d
> )
>
>
> NS your.dns.server.
> A 127.0.0.1
>
>
>$ORIGIN slashdot.org.
>www IN A 127.0.0.1
>
>yro IN NS ns1.ostg.com.
>yro IN NS ns1.vasoftware.com.
>
>Basically you're forging authority for their domain and then delegating
>the subdomains back to them. The drawback there is that you have to
>track NS changes (which should be infrequent) and you have to enumerate
>all subdomains you want to work.
>
>Will that do the trick?
>
>Corey
>
Just curious, but why do this in bind? Wouldn't it be easier and
quicker to just use a hosts file?
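
An added example (not part of the thread and not any poster's code) that models which names the forged zone quoted above overrides, compared with a hosts file carrying the same two entries. The record data is copied from the quoted zone; `games.slashdot.org` is a constructed sample name, and the model is simplified to A lookups with no wildcards.

```python
"""Model: forged authoritative zone vs. hosts file (added example)."""

ZONE_APEX = "slashdot.org"
# Names the forged zone answers itself (from the quoted zone file).
LOCAL_A = {"slashdot.org": "127.0.0.1", "www.slashdot.org": "127.0.0.1"}
# Subdomains delegated back to the real name servers (NS records in the zone).
DELEGATIONS = {"yro.slashdot.org": ["ns1.ostg.com.", "ns1.vasoftware.com."]}
# Hosts-file equivalent: exact names only, no notion of a zone.
HOSTS = dict(LOCAL_A)


def normalize(name):
    return name.rstrip(".").lower()


def zone_answer(qname):
    """Classify how a resolver holding the forged zone handles qname."""
    qname = normalize(qname)
    if qname != ZONE_APEX and not qname.endswith("." + ZONE_APEX):
        return ("recurse", None)  # outside the zone: normal resolution
    # A delegation covers the cut point and every name beneath it.
    labels = qname.split(".")
    for i in range(len(labels)):
        ancestor = ".".join(labels[i:])
        if ancestor in DELEGATIONS:
            return ("delegated", DELEGATIONS[ancestor])
    if qname in LOCAL_A:
        return ("local", LOCAL_A[qname])
    return ("nxdomain", None)  # authoritative: unlisted names do not exist


def hosts_answer(qname):
    """A hosts file overrides exact names and leaves the rest to real DNS."""
    qname = normalize(qname)
    if qname in HOSTS:
        return ("local", HOSTS[qname])
    return ("recurse", None)


def compare(names):
    return {n: (zone_answer(n)[0], hosts_answer(n)[0]) for n in names}


if __name__ == "__main__":
    sample = ["www.slashdot.org", "yro.slashdot.org",
              "foo.bar.yro.slashdot.org", "games.slashdot.org", "plug.org"]
    for name, (zone, hosts) in compare(sample).items():
        print(f"{name:28} zone={zone:10} hosts={hosts}")
```

The unlisted name is where the two approaches differ: the zone returns NXDOMAIN for it, while the hosts file lets it resolve normally.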