BIND problem

Corey Edwards tensai at zmonkey.org
Fri Sep 23 10:19:43 MDT 2005


On Fri, 2005-09-23 at 09:41 -0600, Michael Torrie wrote:
> On Thu, 2005-09-22 at 16:13 -0600, Corey Edwards wrote:
> > I'm doing that for a few zones, actually. The one caveat is that
> > subdomain.foo.example.com will *not* work. Generally speaking, that
> > shouldn't be a problem.
> 
> I've figured out a way to do what I want to do.  This is a horrible
> abuse of DNS, but it works.  Basically I run the *.chem.byu.edu domain,
> but I also host a few sites like rexleerun.byu.edu and
> cancerresearch.byu.edu that are coming from my DMZ.  The problem is that
> from inside my private network, due to translation issues, I cannot
> directly access the outside IP address that maps to the private ip
> address of the server inside my DMZ.  So in order to give access to
> these sites for my users inside my private network, I have to intercept
> DNS requests for these sites and return the private IP address instead
> of the public one.  So I ended up setting up an authoritative zone file
> for each of my hosted sites with just one entry in it. For example:
> 
> $TTL 10800      ; 3 hours
> rexleerun.byu.edu.      IN SOA  ns1.chem.byu.edu. csr.chem.byu.edu. (
>                                 1        ; serial
>                                 10800      ; refresh (3 hours)
>                                 3600       ; retry (1 hour)
>                                 604800     ; expire (1 week)
>                                 3600       ; minimum (1 hour)
>                                 )
>                         NS      ns1.chem.byu.edu.
> 
> $TTL 10800      ; 3 hours
> rexleerun.byu.edu.      IN      A       192.168.200.52
> 
> This pretends that rexleerun.byu.edu is actually a DNS domain in its own
> right, but with only itself as the sole ip address in this domain.
> 
> I have to make a separate zone for each of my hosted sites, but that's
> not too bad.  Anything that is *.byu.edu passes through just fine, even
> *.cs.byu.edu or *.et.byu.edu.

Sounds just like the problem I was having which prompted me to figure
this out. It's been working fine for many months, so I expect it'll work
fine for you too.

> Thanks for suggesting this idea.  With a little modification it works
> well for me.  If you wanted to block yro.slashdot.org you could probably
> do something similar.

I want to block *all* of /. and in fact I have been. I went /. free cold
turkey and I highly recommend it to everyone.

Corey
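
Added example, not part of the original thread: a Python sketch that generates the one-host override zone described above for each hosted site, plus a matching named.conf stanza, and shows which internal queries the override answers, which hit the subdomain caveat, and which pass through. The function names, the "overrides" zone directory and the cancerresearch address are assumptions; the rexleerun address, name server and contact come from the quoted zone file.

```python
import ipaddress

# rexleerun's address is from the thread; cancerresearch's is constructed.
SITES = {"rexleerun.byu.edu": "192.168.200.52",
         "cancerresearch.byu.edu": "192.168.200.53"}
NS, CONTACT = "ns1.chem.byu.edu.", "csr.chem.byu.edu."

def norm(name):
    """Lower-case a DNS name and drop the trailing dot for comparison."""
    return name.rstrip(".").lower()

def override_zone(host, private_ip, serial=1):
    """Zone file text for a one-record zone, same layout as the thread's example."""
    addr = ipaddress.ip_address(private_ip)
    if addr.version != 4 or not addr.is_private:
        # An override pointing at a public address would defeat the purpose.
        raise ValueError(f"{private_ip} is not a private IPv4 address")
    origin = norm(host) + "."
    return ("$TTL 10800\n"
            f"{origin} IN SOA {NS} {CONTACT} (\n"
            f"        {serial} ; serial\n"
            "        10800  ; refresh\n"
            "        3600   ; retry\n"
            "        604800 ; expire\n"
            "        3600 ) ; minimum\n"
            f"        NS {NS}\n"
            f"{origin} IN A {addr}\n")

def named_conf_stanza(host, zone_dir="overrides"):
    """named.conf zone declaration; zone_dir is a hypothetical path."""
    name = norm(host)
    return (f'zone "{name}" IN {{\n    type master;\n'
            f'    file "{zone_dir}/{name}.zone";\n}};\n')

def answer_source(qname, sites):
    """Where an internal client's A query is answered once the zones are loaded."""
    q = norm(qname)
    for zone in map(norm, sites):
        if q == zone:
            return "override"   # private A record from the one-host zone
        if q.endswith("." + zone):
            return "nxdomain"   # inside the zone, no record: the subdomain caveat
    return "recursion"          # e.g. *.cs.byu.edu, resolved normally

if __name__ == "__main__":
    for host, ip in SITES.items():
        print(named_conf_stanza(host), override_zone(host, ip), sep="")
    for q in ("rexleerun.byu.edu", "www.rexleerun.byu.edu", "www.cs.byu.edu"):
        print(q, "->", answer_source(q, SITES))
```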
