tensai at zmonkey.org
Fri Sep 23 10:19:43 MDT 2005
On Fri, 2005-09-23 at 09:41 -0600, Michael Torrie wrote:
> On Thu, 2005-09-22 at 16:13 -0600, Corey Edwards wrote:
> > I'm doing that for a few zones, actually. The one caveat is that
> > subdomain.foo.example.com will *not* work. Generally speaking, that
> > shouldn't be a problem.
> I've figured out a way to do what I want to do. This is a horrible
> abuse of DNS, but it works. Basically I run the *.chem.byu.edu domain,
> but I also host a few sites like rexleerun.byu.edu and
> cancerresearch.byu.edu that are coming from my DMZ. The problem is that
> from inside my private network, due to translation issues, I cannot
> directly access the outside IP address that maps to the private ip
> address of the server inside my DMZ. So in order to give access to
> these sites for my users inside my private network, I have to intercept
> DNS requests for theses sites and return the private IP address instead
> of the public on. So I ended up setting up an authoritative zone file
> for each of my hosted sites with just one entry in it. For example:
> $TTL 10800 ; 3 hours
> rexleerun.byu.edu. IN SOA ns1.chem.byu.edu. csr.chem.byu.edu. (
> 1 ; serial
> 10800 ; refresh (3 hours)
> 3600 ; retry (1 hour)
> 604800 ; expire (1 week)
> 3600 ; minimum (1 hour)
> NS ns1.chem.byu.edu.
> $TTL 10800 ; 3 hours
> rexleerun.byu.edu. IN A 192.168.200.52
> This pretends that rexleerun.byu.edu is actually a DNS domain in its own
> right, but with only itself as the sole ip address in this domain.
> I have to make a separate zone for each of my hosted sites, but that's
> not too bad. Anything that is *.byu.edu passes through just fine, even
> *.cs.byu.edu or *.et.byu.edu.
Sounds just like the problem I was having which prompted me to figure
this out. It's been working fine for many months, so I expect it'll work
fine for you too.
> Thanks for suggesting this idea. With a little modification it works
> well for me. If you wanted to block yro.slashdot.org you could probably
> do something similar.
I want to block *all* of /. and in fact I have been. I went /. free cold
turkey and I highly recommend it to everyone.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://plug.org/pipermail/plug/attachments/20050923/d5ca7ff0/attachment.bin
More information about the PLUG