bind caching nameserver: views/firewalling (RHEL5/CentOS5)
Hi all,
1: I have the following config for my bind service:
Code:
options {
The machines that use this server are in 10.10.240.0/24. When the view part is commented out, I can resolve domain names correctly using this nameserver. However, when I put it in the config again (which I think should work as I expect, that 10.10.240.x can resolve using this server) I get this from dig at the remote host:
Code:
dig @192.168.14.78 google.be
2: Same bind configuration. This is about the query-source directive. If I put it in the config I can use port 53 in my firewall configuration. However, if I disable it (enabling port randomization), will my firewall then see that this is related traffic and let it pass through? If you need any more information... please let me know
1.
Quote:
2. If you're behind a firewall allowing only port 53 traffic, you need that statement.
Quote:
Maybe I have a wrong understanding of what the match-destinations directive means. I did search on Google but the explanations are not very clear. This destination, is it the destination where the response to a request should be sent? Is it the IP of the interface on the bind server itself? Is it a (DNS) IP range that the bind server should respond for? From your explanation I would think the second one (an IP on an interface on the bind server).
I also don't understand the match-destinations statement: If that's for the server ip, you should use the 192.168.14.78.
Do what I've told you and see if it works.
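
A small model of how named selects a view, added here as an illustration and not taken from any post in this thread. It shows that match-clients is checked against the query's source address and match-destinations against the address on the server that the query was sent to. The view name and ACL contents are constructed assumptions; only 10.10.240.0/24 and 192.168.14.78 come from the thread.

```python
import ipaddress

# Constructed view list, in named.conf order. The name and ACLs are
# assumptions; the original config is not shown in the thread.
VIEWS = [
    {"name": "internal",
     "match-clients": ["10.10.240.0/24"],       # who is asking
     "match-destinations": ["192.168.14.78"]},  # server address that was queried
]

# Constructed misconfiguration: the client range placed in match-destinations.
WRONG_VIEWS = [
    {"name": "internal",
     "match-clients": ["10.10.240.0/24"],
     "match-destinations": ["10.10.240.0/24"]},
]


def _in_acl(addr, acl):
    """True if addr is inside any network of acl; an omitted ACL matches any."""
    if acl is None:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in acl)


def select_view(src, dst, views=VIEWS):
    """Return the name of the first view that accepts the query.

    src is the client's address, dst is the local address on the name
    server that received the query. Both ACLs must match. None means no
    view matched, in which case named refuses the query.
    """
    for view in views:
        if (_in_acl(src, view.get("match-clients"))
                and _in_acl(dst, view.get("match-destinations"))):
            return view["name"]
    return None


if __name__ == "__main__":
    # Client in 10.10.240.0/24 querying the server at 192.168.14.78.
    print(select_view("10.10.240.15", "192.168.14.78"))               # internal
    # Same query against the misconfigured view: nothing matches.
    print(select_view("10.10.240.15", "192.168.14.78", WRONG_VIEWS))  # None
```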