BIND problem

Michael Torrie torriem at chem.byu.edu
Fri Sep 23 09:41:02 MDT 2005


On Thu, 2005-09-22 at 16:13 -0600, Corey Edwards wrote:
> I'm doing that for a few zones, actually. The one caveat is that
> subdomain.foo.example.com will *not* work. Generally speaking, that
> shouldn't be a problem.

I've figured out a way to do what I want to do.  This is a horrible
abuse of DNS, but it works.  Basically I run the *.chem.byu.edu domain,
but I also host a few sites like rexleerun.byu.edu and
cancerresearch.byu.edu that are coming from my DMZ.  The problem is that
from inside my private network, due to translation issues, I cannot
directly access the outside IP address that maps to the private IP
address of the server inside my DMZ.  So in order to give access to
these sites for my users inside my private network, I have to intercept
DNS requests for these sites and return the private IP address instead
of the public one.  So I ended up setting up an authoritative zone file
for each of my hosted sites with just one entry in it. For example:

$TTL 10800      ; 3 hours
rexleerun.byu.edu.      IN SOA  ns1.chem.byu.edu. csr.chem.byu.edu. (
                                1        ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
                        NS      ns1.chem.byu.edu.

$TTL 10800      ; 3 hours
rexleerun.byu.edu.      IN      A       192.168.200.52

This pretends that rexleerun.byu.edu is actually a DNS domain in its own
right, but with only itself as the sole IP address in this domain.

I have to make a separate zone for each of my hosted sites, but that's
not too bad.  Anything that is *.byu.edu passes through just fine, even
*.cs.byu.edu or *.et.byu.edu.

Thanks for suggesting this idea.  With a little modification it works
well for me.  If you wanted to block yro.slashdot.org you could probably
do something similar.

Michael

> 
> Corey
> 
-- 
Michael Torrie <torriem at chem.byu.edu>
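
An added example, not part of the original message: a small Python model of
how an internal resolver carrying these one-record override zones treats a
query, covering both the caveat from the quoted reply (names below an
overridden host stop resolving) and the pass-through of sibling names. The
address for cancerresearch.byu.edu is a made-up placeholder, and the function
names are hypothetical.

```python
import ipaddress

# Constructed sample: apex name -> private address served to internal clients.
# The first entry is from the post; the second address is a made-up placeholder.
OVERRIDES = {
    "rexleerun.byu.edu.": "192.168.200.52",
    "cancerresearch.byu.edu.": "192.168.200.53",
}

def fqdn(name):
    """Lower-case a name and make sure it ends with the root dot."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def classify(qname, overrides=OVERRIDES):
    """Predict how the internal resolver treats an A query for qname."""
    labels = fqdn(qname).rstrip(".").split(".")
    # Walk from the full name towards the root; the first hit is the
    # most specific locally served zone.
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) + "."
        if zone in overrides:
            if i == 0:
                return ("local-answer", overrides[zone])  # the zone apex
            return ("local-nxdomain", zone)  # below the apex: no such record
    return ("recurse", None)  # not an override zone: normal resolution

def render_zone(apex, addr, ns="ns1.chem.byu.edu.",
                contact="csr.chem.byu.edu.", serial=1):
    """Build the one-record zone file in the layout used in the post."""
    ipaddress.IPv4Address(addr)  # raises ValueError on a malformed address
    apex = fqdn(apex)
    return "\n".join([
        "$TTL 10800",
        f"{apex}\tIN SOA\t{ns} {contact} (",
        f"\t\t{serial}\t; serial",
        "\t\t10800\t; refresh (3 hours)",
        "\t\t3600\t; retry (1 hour)",
        "\t\t604800\t; expire (1 week)",
        "\t\t3600\t; minimum (1 hour)",
        "\t\t)",
        f"\t\tNS\t{ns}",
        f"{apex}\tIN\tA\t{addr}",
        "",
    ])

if __name__ == "__main__":
    for q in ("rexleerun.byu.edu", "www.rexleerun.byu.edu", "www.cs.byu.edu"):
        print(q, classify(q))
    print(render_zone("rexleerun.byu.edu", "192.168.200.52"))
```

Running classify() over the names internal clients actually query shows
which ones the override zones cut off before the zones are loaded.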



