Use iptables (was Re: Domain Wildcarding)

James A Griffin agriffin at cpcug.org
Thu Mar 29 13:24:29 UTC 2001


Bob,

If the requirement is "internal" then you may want to consider using
"destination Network Address Translation".  This capability is available
as part of the iptables feature in the latest Linux kernels.  See the
paper by Jay Beale (one of the authors of Bastille Linux) at
http://securityportal.com/cover/coverstory20010122.html.

This solution will give you much greater (fine-grained) control and
auditing (if your policy requires) than mucking about with DNS. (IMO)

Regards,
Jim

PS For any Linux users that do not know about the configuration
"hardening" script see:
http://www.bastille-linux.org/ for an easy way to improve some security
aspects of your systems.


Bob Steele wrote:
> 
> Razvan, the purpose is to set up a bogus name server that will force inquiries
> onto a specific web page regardless of the domain that the user enters into his
> browser.  I know it is possible to specify sub domains with a wild card inside
> the zone files. For example:   "*."  IN  A   123.456.789.012 which will catch
> abc.example.com and xyz.example.com.  But in this case it's desirable to treat
> example.com and xyz.org the same.   This is not intended to be used for the
> general public, just a certain type of internal traffic.
> Bob Steele
> email: rsteele at 1stlink.net
> 
[SNIP]
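The destination-NAT approach Jim suggests, as an added example (not code from the original message or from the Bastille project): a small POSIX shell script that installs a LOG rule and a DNAT rule in the nat table's PREROUTING chain so that HTTP requests from one internal subnet land on a chosen web server no matter what hostname the client resolved. The subnet, server address and interface name are assumed placeholders; set DRY_RUN=1 to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the original post: steer an internal subnet's HTTP
# traffic to one web server with iptables DNAT, logging each new connection
# for auditing. Addresses and interface below are assumed placeholders.

INTERNAL_NET="${INTERNAL_NET:-192.168.10.0/24}"   # assumed: the internal clients
CAPTIVE_WEB="${CAPTIVE_WEB:-192.168.1.80}"        # assumed: web server they should reach
LAN_IF="${LAN_IF:-eth1}"                          # assumed: interface facing the clients

# ipt: run iptables, or with DRY_RUN=1 just print the command line.
ipt() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "iptables $*"
  else
    iptables "$@"
  fi
}

# install_redirect: emit the three rules. The nat table only sees the first
# packet of each connection, so the LOG rule records one line per new
# connection rather than per packet, and DNAT rewrites the destination
# before routing, independent of what DNS told the client.
install_redirect() {
  ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$INTERNAL_NET" -p tcp --dport 80 \
      -j LOG --log-prefix "captive-dnat: "
  ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$INTERNAL_NET" -p tcp --dport 80 \
      -j DNAT --to-destination "$CAPTIVE_WEB:80"
  # The rewritten packets still have to pass the filter table's FORWARD chain.
  ipt -A FORWARD -i "$LAN_IF" -s "$INTERNAL_NET" -d "$CAPTIVE_WEB" \
      -p tcp --dport 80 -j ACCEPT
}

# rule_count: how many rules install_redirect emits (checked in dry-run mode).
rule_count() {
  DRY_RUN=1 install_redirect | grep -c .
}
```

Source the file and call `install_redirect` as root on the router to apply the rules, or `DRY_RUN=1 install_redirect` first to review exactly what would be added; the kernel logs from the LOG rule (prefixed "captive-dnat: ") are what gives you the audit trail Jim refers to.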


More information about the bind-users mailing list