Correct configuration
Dimitri Yioulos
dyioulos at firstbhph.com
Fri Jul 9 15:24:24 UTC 2010
On Thursday 08 July 2010 8:41:19 am Dimitri Yioulos wrote:
> Hello to all.
>
> I have recently set up a slave DNS server
> (bind-9.3.6) on a CentOS 5.x Linux box. The
> master is our Windows server and, really, it
> directly serves our AD infrastructure, and
> forwards external queries to our ISP's DNS
> servers.
>
> I got the basic set-up correct, I believe.
> However, yesterday I pushed the envelope a bit.
> I want to make sure that, in the temporary
> absence of the master, the slave does the
> forwarding to the ISP, but that it only serves
> our company (i.e. is not accessible
> externally). Here's my named.conf file:
>
>
> options {
>     directory "/var/named"; // Working directory
>     forwarders {
>         65.x.1.x;
>         65.x.7.x;
>     };
>     forward only;
>     version "not currently available";
>     allow-recursion { 192.168.100.0/22; };
> };
>
> // Zone entry for my Active Directory domain.
> zone "mydomain.com" IN {
>     type slave;
>     file "slaves/db.ad.mydomain.com";
>     masters { 192.168.100.3; };
>     allow-notify { none; };
>     forwarders {};
> };
>
> // reverse map for class C 192.168.100.0
> zone "100.168.192.IN-ADDR.ARPA" IN {
>     type slave;
>     file "slaves/db.ad.192.168.100.rev";
>     masters { 192.168.100.3; };
>     allow-notify { none; };
>     forwarders {};
> };
>
> include "/etc/rndc.key";
>
> logging {
>     channel log {
>         file "/var/log/named/bind.log" versions 3 size 5m;
>         severity info;
>         print-time yes;
>         print-severity yes;
>         print-category yes;
>     };
>     category default { log; };
>     category statistics { log; };
>     category queries { log; };
> };
>
>
> Is this correct and secure?
>
> Many thanks.
>
> Dimitri
Anyone?
Dimitri
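
Added example, not part of the original post and not BIND's own tooling: a small Python check that reads the global `options` block of a named.conf and reports whether `allow-query`, `allow-recursion` and `allow-transfer` are restricted. It assumes the BIND 9.3 defaults, under which each of these statements allows any host when it is absent; the sample text is constructed from the configuration quoted above, the function names are hypothetical, and zone-level overrides are not examined.

```python
import re

# Constructed sample: the options block quoted in the post (addresses as redacted there).
SAMPLE = """
options {
    directory "/var/named"; // Working directory
    forwarders { 65.x.1.x; 65.x.7.x; };
    forward only;
    allow-recursion { 192.168.100.0/22; };
};
"""
# Assumption: BIND 9.3 treats each of these as "any host" when the statement is absent.
ACLS = ("allow-query", "allow-recursion", "allow-transfer")

def strip_comments(text):
    """Drop /* */, // and # comments; quoted strings are left untouched."""
    token = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return re.sub(token, keep, text, flags=re.S)

def options_body(text):
    """Return the text inside the braces of the global options block."""
    m = re.search(r"\boptions\s*\{", text, flags=re.I)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    raise ValueError("unbalanced braces in options block")

def audit(conf):
    """Map each ACL statement to 'missing', 'open' or 'restricted'."""
    body = options_body(strip_comments(conf))
    report = {}
    for name in ACLS:
        m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}", body)
        if m is None:
            report[name] = "missing"
            continue
        elements = [e.strip() for e in m.group(1).split(";") if e.strip()]
        report[name] = "open" if "any" in elements else "restricted"
    return report

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name}: {state}")
```

For the quoted configuration this reports `allow-recursion` as restricted and both `allow-query` and `allow-transfer` as missing: limiting who may recurse does not by itself limit who may query or transfer the slave zones.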
More information about the bind-users
mailing list