LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 11-25-2004, 08:36 AM   #1
Der_tolle_Emil
LQ Newbie
 
Registered: Sep 2004
Posts: 4

Rep: Reputation: 0
DNS BIND9: Restrict certain entries from being transfered


Hi there!

We set up a proxy server in our company and wanted to use the browser's feature to automatically detect browser settings. It took us some time to get it to work, and now we are stuck with a small inconvenience:

For the automatic detection to work you will have to be able to resolve wpad.yourdomain.com, which resolves to a webserver that then serves the config file. So far so good. Out Webserver serving this file has a private IP address, 10.0.0.2. This is the only entry in our DNS zone using a private IP.

The Problem is: With every DNS update, our wpad entry gets transfered like every other domain and thus can be resolved with every other DNS - and of course it resolves to 10.0.0.2. It would not be that much of a problem that the domainname can be resolved, because the private IP is useless anyway, but it does look a bit unprofessional (at least I think it does) to transfer useless entries.

So the simple question is: Is there a way to hinder our DNS to transfer this entry? The DNS is not reachable from the outside, but has a public reachable DNS slave. If the slave is still serving our private IP that would be ok. But we do not want to "flood" other's DNS with our (for them) useless entries.

And if there is a simple way, how could that be accomplished? I suppose noone will ever notice this single entry so if a working solution would require rebuilding our architecture I guess we could live with the fact that we are responsible for one useless DNS entry.

Thank you in advance,
Klaus.
 
Old 11-27-2004, 09:14 AM   #2
SteveK1979
Member
 
Registered: Feb 2004
Location: UK
Distribution: RHEL5/6, Solaris 10/11, NetBSD, OpenBSD, FreeBSD, MacOS
Posts: 211

Rep: Reputation: 40
Hmm...well, it might be possible to do this using the 'views' function in BIND9.

It allowd you to set up differnet DNS records to be served to different addresses that are making the request. So you could serve the view that contains the internal address to internal clients only, and then the DNS records without the internal address to external clients.

It gets pretty involved though! Especially when you bring slave name servers into the equation.

It would require a new )or revised) named.conf and it would also require new zone files.

Cheers,

Steve
 
Old 12-01-2004, 07:43 AM   #3
Der_tolle_Emil
LQ Newbie
 
Registered: Sep 2004
Posts: 4

Original Poster
Rep: Reputation: 0
Hi!

Thanks for your reply! I read about that kind of solution here somewhere on the forums before and I thought maybe there is a simpler way. But thanks anyway at least I now know that I didn't miss a simpler solution.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
DNS Server (bind9) works on the private network but not in the public one! wjleon Linux - Networking 26 01-24-2009 08:14 PM
BIND9 slave DNS problem HELP!!! mlu Linux - Networking 2 05-05-2005 06:31 AM
Suse Linux 9.1 Pro BIND9/DNS server vbat Linux - Newbie 0 10-01-2004 07:20 PM
need help to set up caching only dns server to with bogus DNS entries ullas Linux - Networking 1 10-28-2003 01:54 PM
BIND9 and "lame server" log entries?? ifm Linux - Networking 1 07-02-2002 11:09 AM


All times are GMT -5. The time now is 10:56 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration