Re: lug-bg: hidden/visible reverse sub-zone ?
- Subject: Re: lug-bg: hidden/visible reverse sub-zone ?
- From: vlk@email.domain.hidden (Vesselin Kolev)
- Date: Wed, 16 Apr 2003 12:47:35 +0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tova, koeto ti triabva, se naricha opisanie "view"...
Eto ti edin primer (s realni adresi i domaini, shtoto niamam vreme
da go redaktiram):
// generated by named-bootconf.pl
// Shared secret that authenticates rndc to named; the value here has to be
// identical to the one in /etc/rndc.conf.
// NOTE(review): this particular secret is published in a public list archive.
// Never reuse it: generate a fresh one (e.g. with rndc-confgen) and keep both
// files readable only by root and the named user.
// NOTE(review): current BIND releases also offer hmac-sha256, which is the
// better choice where it is available.
key "key" {
    algorithm hmac-md5;
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
// rndc control channel: listens on the loopback address only and requires
// the key named "key".
// NOTE(review): `allow { any; }` is harmless only while the listener stays on
// 127.0.0.1. If the inet address is ever widened, replace `any` with the
// addresses that are really allowed to manage the server.
controls {
    inet 127.0.0.1
        allow { any; }
        keys { "key"; };
};
// Address lists used by match-clients in the two views below.

// Networks that get the "internals" view.
acl internal-clients {
    62.44.103.0/30;
    62.44.103.4/30;
    62.44.103.8/30;
    62.44.103.12/30;
    62.44.103.16/28;
    62.44.103.40/29;
    62.44.103.48/28;
    62.44.103.64/26;
    192.168.4.0/30;
    192.168.100.0/24;
    127.0.0.1;
};

// Everyone. Because views are tried in the order they are declared, this only
// catches clients that did not match internal-clients, and only as long as
// view "internals" stays ahead of view "externals" in the file.
acl external-clients {
    any;
};
// One file channel per log category. Every channel keeps 3 rotated versions
// of at most 10m each, logs at severity info and above, and prefixes each
// entry with its severity and a timestamp.
// The security and xfer-out channels are the ones to review for refused
// requests and for outgoing zone transfers.
logging {
    channel LAMER_log {
        file "/var/log/named/dns-lamer.log" versions 3 size 10m;
        severity info;          // info and above
        print-severity yes;
        print-time yes;
    };
    channel SEC_log {
        file "/var/log/named/dns-sec.log" versions 3 size 10m;
        severity info;          // info and above
        print-severity yes;
        print-time yes;
    };
    channel STAT_log {
        file "/var/log/named/dns-stat.log" versions 3 size 10m;
        severity info;          // info and above
        print-severity yes;
        print-time yes;
    };
    channel NET_log {
        file "/var/log/named/dns-net.log" versions 3 size 10m;
        severity info;          // info and above
        print-severity yes;
        print-time yes;
    };
    channel IN_log {
        file "/var/log/named/dns-in.log" versions 3 size 10m;
        severity info;          // info and above
        print-severity yes;
        print-time yes;
    };
    channel OUT_log {
        file "/var/log/named/dns-out.log" versions 3 size 10m;
        severity info;          // info and above
        print-severity yes;
        print-time yes;
    };
    channel NOT_log {
        file "/var/log/named/dns-not.log" versions 3 size 10m;
        severity info;          // info and above
        print-severity yes;
        print-time yes;
    };

    // Category-to-channel routing; client and queries share STAT_log.
    category lame-servers { LAMER_log; };
    category security     { SEC_log; };
    category client       { STAT_log; };
    category queries      { STAT_log; };
    category network      { NET_log; };
    category xfer-in      { IN_log; };
    category xfer-out     { OUT_log; };
    category notify       { NOT_log; };
};
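// Global server options: working directory, pid file, listening addresses
// and the string returned for version queries.
options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // NOTE(review): keep this commented out unless a firewall really forces
    // it. A fixed source port makes forged replies easier to get accepted.
    //query-source address * port 53;

    // Answer only on loopback and on these two interface addresses.
    listen-on {
        127.0.0.1;
        62.44.103.6;
        192.168.100.100;
    };

    // The archived mail had wrapped this string across two lines; it is
    // rejoined here so the quoted string is a single line again.
    // NOTE(review): this text is handed to anyone who asks the server for
    // its version. Advertising the exact BIND release and OS tells a scanner
    // which known flaws to look for; a neutral string with only the operator
    // contact gives away less.
    version "ISC BIND 9.2.2 on Mandrake LINUX 9.0. Operator: vlk_at_lcpe.uni-sofia.bg";
};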
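// View served to the networks in acl "internal-clients". (The stray "<p>"
// that the web archive put in front of the view statement is removed; it is
// not valid configuration syntax.)
//
// Views are tried in the order they appear, so this view has to stay ahead
// of "externals", whose match list is `any`.
//
// Zones defined only here (smart.host, vpn.lcpe.uni-sofia.bg,
// ltph.chem.uni-sofia.bg, 192.191.68.193.in-addr.arpa,
// 100.168.192.in-addr.arpa, test.zone) are the ones outside clients cannot
// see: the "externals" view does not define them.
//
// Inside a view, `allow-query { any; }` and `allow-transfer { any; }` apply
// only to clients that already matched match-clients, so here `any` means
// "any internal client".
// NOTE(review): that still lets every internal host pull a full zone
// transfer; list the real secondaries instead if that is too wide.
//
// NOTE(review): the slave zones that also exist in "externals" use the same
// file names in both views. Newer BIND releases are stricter about one
// writable zone file being shared by several views; confirm, and give each
// view its own file when porting this example.
view "internals" {
    match-clients { internal-clients; };

    // Recursive service for internal clients, resolved only through the
    // listed forwarders.
    forward only;
    forwarders {
        62.44.103.5;
        193.68.3.252;
        62.44.96.1;
        62.44.96.7;
    };
    recursion yes;

    zone "." {
        type hint;
        file "named.ca";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    zone "smart.host" {
        type master;
        file "domains/smart.host";
        allow-transfer { any; };
        allow-query { any; };
    };

    zone "lcpe.uni-sofia.bg" {
        type slave;
        masters {
            62.44.103.1;
            62.44.103.5;
            192.168.100.1;
        };
        file "domains/lcpe.uni-sofia.bg";
        zone-statistics yes;
        allow-transfer { any; };
        allow-query { any; };
    };

    zone "vpn.lcpe.uni-sofia.bg" {
        type slave;
        masters {
            62.44.103.1;
            62.44.103.5;
            192.168.100.1;
        };
        file "domains/vpn.lcpe.uni-sofia.bg";
        zone-statistics yes;
        allow-transfer { any; };
        allow-query { any; };
    };

    zone "ltph.chem.uni-sofia.bg" {
        type slave;
        masters {
            62.44.103.5;
            192.168.100.90;
        };
        file "domains/ltph.chem.uni-sofia.bg";
        allow-query { any; };
        allow-transfer { any; };
    };

    zone "103.44.62.in-addr.arpa" {
        type slave;
        masters {
            62.44.103.1;
            62.44.103.5;
            192.168.100.1;
        };
        file "arpa/103.44.62.in-addr.arpa";
        zone-statistics yes;
        allow-transfer { any; };
        allow-query { any; };
    };

    zone "0.103.44.62.in-addr.arpa" {
        type slave;
        masters {
            62.44.103.1;
            62.44.103.5;
            192.168.100.1;
        };
        file "arpa/0.103.44.62.in-addr.arpa";
        zone-statistics yes;
        allow-transfer { any; };
        allow-query { any; };
    };

    zone "128.103.44.62.in-addr.arpa" {
        type slave;
        masters {
            62.44.103.1;
            62.44.103.5;
            192.168.100.1;
        };
        file "arpa/128.103.44.62.in-addr.arpa";
        zone-statistics yes;
        allow-transfer { any; };
        allow-query { any; };
    };

    zone "192.191.68.193.in-addr.arpa" {
        type slave;
        masters { 62.44.103.5; };
        file "arpa/192.191.68.193.in-addr.arpa";
        allow-transfer { any; };
        allow-query { any; };
    };

    // Reverse zone for the private 192.168.100.0/24 range; internal only.
    zone "100.168.192.in-addr.arpa" {
        type slave;
        masters {
            62.44.103.1;
            62.44.103.5;
            192.168.100.1;
        };
        file "arpa/100.168.192.in-addr.arpa";
        zone-statistics yes;
        allow-transfer { any; };
        allow-query { any; };
    };

    zone "test.zone" {
        type master;
        file "test.zone";
        zone-statistics yes;
        allow-transfer { any; };
        allow-query { any; };
    };
};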
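// View served to every client that did not match the "internals" view
// (acl "external-clients" is `any`, and views are tried in file order).
// Only the zones listed here are visible from outside. (The stray "<p>" that
// the web archive put in front of the closing brace is removed.)
//
// NOTE(review): in this view `allow-transfer { any; }` really means the whole
// Internet, so anyone can copy the complete contents of each zone. Restrict
// it to the addresses of the real secondaries, or to `none` if there are
// none, and watch the xfer-out log for unexpected transfers.
//
// NOTE(review): the slave zones here use the same file names as in the
// "internals" view. Newer BIND releases are stricter about one writable zone
// file being shared by several views; confirm, and give each view its own
// file when porting this example.
view "externals" {
    match-clients { external-clients; };

    // The posted example had `recursion yes` here. With a match list of
    // `any` that turns the server into an open resolver for the whole
    // Internet, which invites abuse for traffic reflection and lets
    // strangers load the forwarders. Outside clients only need
    // authoritative answers for the zones below, so recursion is off.
    // The forward/forwarders lines are kept as posted; they only matter for
    // recursive queries.
    forward only;
    forwarders {
        62.44.96.1;
        62.44.96.7;
    };
    recursion no;

    zone "." {
        type hint;
        file "named.ca";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

    zone "lcpe.uni-sofia.bg" {
        type slave;
        masters {
            62.44.103.1;
            62.44.103.5;
            192.168.100.1;
        };
        file "domains/lcpe.uni-sofia.bg";
        zone-statistics yes;
        allow-transfer { any; };
        allow-query { any; };
    };

    zone "103.44.62.in-addr.arpa" {
        type slave;
        masters {
            62.44.103.1;
            62.44.103.5;
            192.168.100.1;
        };
        file "arpa/103.44.62.in-addr.arpa";
        zone-statistics yes;
        allow-transfer { any; };
        allow-query { any; };
    };

    zone "0.103.44.62.in-addr.arpa" {
        type slave;
        masters {
            62.44.103.1;
            62.44.103.5;
            192.168.100.1;
        };
        file "arpa/0.103.44.62.in-addr.arpa";
        zone-statistics yes;
        allow-transfer { any; };
        allow-query { any; };
    };

    zone "128.103.44.62.in-addr.arpa" {
        type slave;
        masters {
            62.44.103.1;
            62.44.103.5;
            192.168.100.1;
        };
        file "arpa/128.103.44.62.in-addr.arpa";
        zone-statistics yes;
        allow-transfer { any; };
        allow-query { any; };
    };
};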
I edna zabelezhka otnosno polzvaneto na rndc. Triabva da
ukazvash view za koeto iskash da ima izpylnenie na comanda
prez rndc. Naprimer za reload:
[root_at_nat-router root]# rndc reload ltph.chem.uni-sofia.bg in internals
Taka az reloadvam samo zonata vyv view internals! (za nego vizh primera
po-gore)
I opisvai vnimatelno za da niama ... kolizii:))
Pozdravi
Vesselin Kolev
On Wednesday 16 Apr 2003 12:18, raptor wrote:
> hi,
>
> problema mi e sledniq iskam da imam reverse resolve na nqkoi adresi, kato w
> systoto wreme tozi resolve da e wyzmoven samo za nqkoi moi wytreshni ip
> adresi... Po princip nqmam problem sys name-->ip resolvane zashtoto prosto
> si prawq nowa zona i s allow-query si razreshawam koi move da q querwa..
> Problema e Reverse-resolve zashtoto ne moga da razdelq na dwe zoni adresite
> (ednata sys access for all i drugata hidden za wynshniq swqt) zashtoto
> imeto na reverse zonata e specifichno toest (primerno):
>
> 0.168.192.in-addr.darpa { ... }
>
> ot druga strana ima adresi koito zadylvitelno trqbwa da mogat da se
> reverse-resolvnat. Estestweno ideqta e towa da se naprawi samo s edin DNS
> server.
> Problema move i da se razreshi ako imam wazmovnost da opiswam reverse-zoni
> za po malki ot class C mrevi. Nqkakwi idei ?!
>
> thanx
> ===========================================================================
>= A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
> http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara
> Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
> ===========================================================================
>=
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+nSa9+48lZPXaa+MRAhTHAJ93jr9Ik/KPwphZLupaGSFwGxDFOQCgsFp3
L8Gjw2zz0z8gct/E8aewhR4=
=/G8Z
-----END PGP SIGNATURE-----