Same Question ...
Desmond Coughlan
desmond at cybercable.fr
Mon May 28 10:42:12 UTC 2001
Le 25.05.01, Kevin Darcy a écrit :
{snip}
>So, next question: how is dnsx (the problem child) configured? Looks like it
>has no knowledge of the 168.192.in-addr.arpa namespace and has recursion
>turned off. Note that you have a duty to prevent bogus 168.192.in-addr.arpa
>queries from leaking out onto the Internet. So please give dnsx knowledge of
>the 168.192.in-addr.arpa namespace *before* enabling recursion on the box.
If I were to create a file in /etc/namedb called 168.192.rev and
edit that file to resemble 127.0.0 (with the obvious differences, such
as '168.192.in-addr.arpa. SOA' etc.), would that be enough ?
>Of course, I'm assuming here that dnsx is supposed to have some form of
>connectivity to the Internet DNS, either directly or by forwarding through
>another server. If that's not true, then that's an even more fundamental
>configuration problem: it shouldn't be configured with the Internet root
>hints file at all in that case.
The machine has no access to the 'real' Internet; it can only 'leave' this
domain, via a leased line, to company.us.com in the United States.
>And please use "dig", as you've been told before. *Always*. nslookup sucks
>and is complicating your troubleshooting here.
How can I use dig to check for lookups from my Ultra-5, when it isn't
installed on it ?
These questions may appear dumb; I'm still waiting for my copy of 'DNS &
BIND' to arrive ... :(
D.
--
Desmond Coughlan |Restez Zen ... UNIX peut le faire
desmond at cybercable.fr |YGL#4 YFC#1 YFB#1 UKRMMA#14 two#38
http://www.chez.com/desmondcoughlan/
Clé Publique: http://www.chez.com/desmondcoughlan/pgp/pubring.pkr
More information about the bind-users
mailing list