LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   DNS configuration ?? (http://www.linuxquestions.org/questions/linux-software-2/dns-configuration-269576/)

xedios 12-23-2004 10:51 AM

DNS configuration ??
 
Hi

I was browsing the net and i for a simple solutin ..

I need to stop people to lview my domain

>nalookup ns.xx.com
>ls -d ns.xx.com
and the my dns give up all the information about my doman


what can I do to stop this ??

Do I have to modfy the named.conf file or the root zone whitch is holding my domain .. ??

Thanx

And marry chrismas to every one!

trickykid 12-23-2004 11:01 AM

Why would you want to do this? Anyone can pull up DNS info or whois on a domain, etc.. Why does it have to be so secretive? And AFAIK its required info for your DNS to work properly, someone correct me if I'm wrong.

bm17 12-23-2004 12:05 PM

When you become part of the DNS you are participating in a community. You need to be accountable to the community for any net abuses that may involve your domain name. The only reason I can think of for obscuring your identification is if you were a spammer.

xedios 12-23-2004 01:49 PM

Ok thanx for replaying .. but I asked a wrong question ..

So I wil ask in another waj

if i have a doman xxx.com
and a lot of su domain
mail.xxxx.com
www.xxxx.com

an thej are bind to the same ip adress or diferent no mether .. but those ip's ar visible to the DMZ

my problem is that that i have a setup like this

xxx.com -> my primary domain ( it is attachet to the WAN ip address )

lan.xxx.com -> my internal domann ( here is the problem How can I hide or disable this doman from being listed .?? This is for my internal ip range Ig. 192.168.0/24)

Ok i think it is ok now ..

PS I AM NOT A SPAMER . I just want to protect my internal network so that just any freeak whitch writes down nslookup and ls -d an my internal doman sees ip's of my pc ... ( bad sentens .)

Thanx

bm17 12-23-2004 02:24 PM

xxx.com? So you are a pornographer! (Just kidding)

You can put lan.xxxx.com in a seperate zone file. I'm not sure what the commands are for restricting access to that zone. I just wanted to point out that hiding the names will not prevent people from communicating with those machines.

xedios 12-23-2004 02:30 PM

Ok .. thanx

jest but it's inaf to tide the names

so if you do nslookup myname.lan.mydom.com you wont get a ip adress
bysicli you cant ping that adres becouse it is behind a NAT firewall so no matters
I just wish to nerow down the posibilities.

BY

:D Goog joke :D

xedios 12-23-2004 02:59 PM

Here is the solution
The bold text its what you need !!!

zone "." {
type hint;
file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
};

zone "xxx.com" {
notify no;
type master;
file "named.forward";
};
zone "lan.xxx.com" {
notify no;
type master;
file "named.lan.xxx.com";

allow-query { xxx.xxx.x.x/xx;localhost; };
allow-transfer { xxx.xxx.x.x/xx; localhost; };

};

zone "x.xxx.xxx.in-addr.arpa" {
notify no;
type master;
file "named.xx.xxx.xxx";

allow-query { xxx.xxx.xx.x/xx;localhost; };
allow-transfer {xxx.xxx.x.x/xx; localhost; };

};
zone "xxx.xxx.xxx.in-addr.arpa" {
notify no;
type master;
file "named.xxx.xxx.xxx";
};


All times are GMT -5. The time now is 04:02 AM.