Hidden Master
Michael Kjorling
michael at kjorling.com
Tue Nov 6 21:54:09 UTC 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Nov 6 2001 16:42 -0500, Chimento, Douglas wrote:
> I assume that the below implementation is ok , meaning that are no critical
> issues.
> unparticular I am concerned with the SOA record
> Thanks
>
>
> MASTER SERVER: realmaster
> address: 192.168.0.1
> named.conf :
> ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
>
> zone hideme.com IN {
> type master;
> file "hideme.com"
> };
>
> ;;;;;;;;;;;;;;;;;;;;; END NAMED.CONF ;;;;;;;;;;;;;;;;;;;;
Looks OK apart from the missing semicolon after 'file "hideme.com"',
but you probably want more to your named.conf than this (especially if
you're using BIND 9). But that's a different issue.
> FILE: hideme.com
>
> ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> @ 86400 IN SOA ns1 fwis (
In a stealth master configuration, you have to set the SOA MNAME to
the "real" master, not the published one. At least I think it is that
way. Would someone please confirm or deny this?
> 3600
> 6400
> 604800
> 86400 )
>
> 86400 IN NS ns1
> 900 IN MX 10 mail1
> 900 IN MX 10 mail2
>
> testing 15 IN WKS 207.252.119.31 tcp telnet
Aren't WKS RRs since long deprecated?
> ns1 IN A 207.252.119.31
> srp00 IN A 207.252.119.32
>
> ;;;;;;;;;;;;;;;;;; end FILE hideme.com ;;;;;;;;;;;;;;;;;;
>
>
>
> ----------------------------------------------------------------------------
> --------------------------
>
> Slave Server: ns1.hideme.com
> ADDRESS: 207.252.119.31
>
> named.conf:
> zone hideme.com {
> type slave;
> file "hideme.com";
> masters { 192.168.0.1; }; // The "realmaster"
> };
Looks OK to me, with the same reservation as above. (And of course
assuming that ns1 can get to 192.168.0.1 somehow.)
Michael Kjörling
- --
Michael Kjörling -- Programmer/Network administrator ^..^
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e \/
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4
"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001, www.hifler.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html
iD8DBQE76FwFKqN7/Ypw4z4RAuejAJ0TJgpgZQHGsn6mmEDCU70RgsEjIQCeLj59
0GcSLxBN2w1JaQ+r41rqwSY=
=o3Y5
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list