Antwort: Bind 8 hardening {Scanned}
SW
wppiphoto at wppi.com
Wed Dec 29 20:54:19 UTC 2004
Hi Holger,
Here is more info on my system configuration:
Server has 2 Nics w/ the following ip addresses:
Nic A is facing the Internet w/ ip address 100.168.100.1/24 (this is not my real ip address, but changed for security reasons to post in a public forum)
Nic B is on a private ip address and does not interact w/ the Internet w/ ip address 192.168.1.1/24
So, with that here is my complete /etc/named.conf for primary name server:

acl internal { 192.168.100/24; 209.8.232/24; };
acl slaves { 100.168.100.50; };

options {
    directory "/hsphere/local/var/named";
    listen-on { 127.0.0.1; 100.168.100.10; };
    allow-transfer { 100.168.100.50; };
    allow-query { internal; };
    allow-recursion { internal; };
    recursion no;
    fetch-glue no;
    use-id-pool yes;
    transfer-source 127.0.0.1;
    pid-file "/hsphere/local/var/named/named.pid";
};

zone "." IN { type hint; file "local/named.ca"; };
zone "localhost" IN { type master; file "local/localhost.zone"; allow-update { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "local/named.local"; allow-update { none; }; };
zone "100.168.100.in-addr.arpa" { type master; file "100.168.100"; allow-update { none; }; };

include "zones_index.conf";

And my secondary name server /etc/named.conf has the following:

acl internal { 192.168.1/24; 209.8.232/24; };

options {
    directory "/hsphere/local/var/named";
    listen-on { 127.0.0.1; 100.168.100.50; };
    allow-transfer { 100.168.100.10; };
    allow-query { internal; };
    allow-recursion { internal; };
    recursion no;
    fetch-glue no;
    use-id-pool yes;
    transfer-source 127.0.0.1;
    pid-file "/hsphere/local/var/named/named.pid";
};

zone "." IN { type hint; file "local/named.ca"; };
zone "localhost" IN { type master; file "local/localhost.zone"; allow-update { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "local/named.local"; allow-update { none; }; };
zone "100.168.100.in-addr.arpa" { type slave; file "100.168.100"; masters { 100.168.100.10; }; };

include "zones_index.conf";

Thanks,
SW