Re: Correct configuration
- From: Dimitri Yioulos <dyioulos@xxxxxxxxxxxxx>
- Date: Fri, 9 Jul 2010 11:24:24 -0400
On Thursday 08 July 2010 8:41:19 am Dimitri Yioulos wrote:
Hello to all.
I have recently set up a slave DNS server (bind-9.3.6) on a CentOS 5.x Linux box. The master is our Windows server and, really, it directly serves our AD infrastructure, and forwards external queries to our ISP's DNS servers.
I got the basic set-up correct, I believe. However, yesterday I pushed the envelope a bit. I want to make sure that, in the temporary absence of the master, the slave does the forwarding to the ISP, but that it only serves our company (i.e. is not accessible externally). Here's my named.conf file:
options {
    directory "/var/named"; // Working directory
    forwarders {
        65.x.1.x;
        65.x.7.x;
    };
    forward only;
    version "not currently available";
    allow-recursion { 192.168.100.0/22; };
};

// Zone entry for my Active Directory domain.
zone "mydomain.com" IN {
    type slave;
    file "slaves/db.ad.mydomain.com";
    masters { 192.168.100.3; };
    allow-notify { none; };
    forwarders {};
};

// reverse map for class C 192.168.100.0
zone "100.168.192.IN-ADDR.ARPA" IN {
    type slave;
    file "slaves/db.ad.192.168.100.rev";
    masters { 192.168.100.3; };
    allow-notify { none; };
    forwarders {};
};

include "/etc/rndc.key";

logging {
    channel log {
        file "/var/log/named/bind.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { log; };
    category statistics { log; };
    category queries { log; };
};
Is this correct and secure?
Many thanks.
Dimitri
Anyone?
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
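
Added example, not part of the original message or of BIND: a small Python audit that reads the options block of a named.conf like the one posted above and reports, for each client-facing access-control statement, whether it is absent, limited to private address space, or open more widely. The function names are hypothetical, and the parser assumes simple address-match lists (no named ACLs, no nested braces, no comment markers inside quoted strings).

```python
import ipaddress
import re

# Constructed sample: the options block from the named.conf posted above.
SAMPLE_CONF = '''
options {
    directory "/var/named"; // Working directory
    forwarders { 65.x.1.x; 65.x.7.x; };
    allow-recursion {192.168.100.0/22;};
};
'''
ACL_STATEMENTS = ("allow-query", "allow-recursion", "allow-transfer")

def options_block(text):
    """Return the body of the options { ... } block with comments removed."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", "", text)
    m = re.search(r"\boptions\s*\{", text, flags=re.I)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:  # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def is_internal(entry):
    """True for 'none', 'localhost' and private-range addresses or networks."""
    if entry in ("none", "localhost"):
        return True
    try:
        return ipaddress.ip_network(entry, strict=False).is_private
    except ValueError:
        return False  # 'any', named ACLs, keys: not provably internal

def audit(conf):
    """Map each ACL statement to 'unset', 'internal-only' or 'exposed'."""
    body, report = options_block(conf), {}
    for stmt in ACL_STATEMENTS:
        m = re.search(r"(?<![\w-])%s\s*\{([^{}]*)\}" % re.escape(stmt), body)
        if not m:
            report[stmt] = "unset"  # the BIND version's default applies
            continue
        entries = [e.strip() for e in m.group(1).split(";") if e.strip()]
        report[stmt] = "internal-only" if all(map(is_internal, entries)) else "exposed"
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A statement reported as "unset" is not necessarily open; it means the answer depends on the default of the BIND version in use, which is worth checking in that version's documentation.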