Listen on
chrism at sea.checkpoint.com
Fri Nov 2 20:06:59 UTC 2001
Two things:
First, and most important - UPGRADE to a more recent version of BIND.
The current version of BIND 8 is 8.2.5-REL. The version that you have
running has *SERIOUS* security holes which could give a remote user
root access to your machine.
For more information on the security issues, please see:
http://www.isc.org/products/BIND/bind-security.html
You can download BIND 8.2.5-REL from ISC here:
ftp://ftp.isc.org/isc/bind/src/8.2.5/bind-src.tar.gz
The most recent (official) RPM for BIND 8 I could find was BIND 8.2.3,
which will also fix the security issues. Perhaps someone on this list
knows where to find a more recent RPM. The 8.2.3 RPM is downloadable
from RedHat here:
ftp://ftp.redhat.com/pub/redhat/linux/updates/7.0/en/os/i386/bind-8.2.3-1.i386.rpm
As for your question, the solution would be to add the "listen-on"
statement to your options, similar to the following:
options {
    <your other options go here>
    listen-on { 172.16.1.2 ; } ;
};
For online documentation of different BIND 8 configuration options,
please see this page:
http://www.isc.org/products/BIND/docs/config/
The specific text you're looking for (in regards to this issue) is in
the link for "options" from that page, under "Interfaces":
-------------------------------------------------------------------
Interfaces
The interfaces and ports that the server will answer queries from may
be specified using the listen-on option. listen-on takes an optional
port, and an address_match_list. The server will listen on all
interfaces allowed by the address match list. If a port is not
specified, port 53 will be used.
Multiple listen-on statements are allowed. For example,
listen-on { 5.6.7.8; };
listen-on port 1234 { !1.2.3.4; 1.2/16; };
will enable the nameserver on port 53 for the IP address 5.6.7.8, and
on port 1234 of an address on the machine in net 1.2 that is not
1.2.3.4.
If no listen-on is specified, the server will listen on port 53 on all
interfaces.
-------------------------------------------------------------------
Hope this helps!
- Chris
--
Chris Moore -- chrism at sea.checkpoint.com
Check Point Software Technologies, Inc. -- The Meta IP Group
http://www.checkpoint.com/products/metaip/index.html
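As an added illustration (not part of this thread and not BIND's own code), the Python below models the listen-on behaviour quoted from the BIND 8 documentation: each listen-on statement carries a port (53 when omitted) and an address match list that is evaluated first-match-wins, with a leading `!` rejecting the address, and when no listen-on statement exists at all named binds every interface on port 53. The interface list is taken from the poster's "listening on" log lines, the three configuration snippets are constructed from the named.conf in the question, the suggested fix, and the documentation example, and all function names are my own.

```python
"""Model of BIND 8 'listen-on' semantics (constructed example, not BIND code):
given the host's interface addresses and the listen-on statements in
named.conf, compute the (address, port) pairs named would bind."""
import ipaddress
import re
from typing import List, Tuple

# Matches: listen-on [port N] { element; element; ... };
LISTEN_RE = re.compile(r"listen-on\s*(?:port\s+(\d+))?\s*\{([^}]*)\}\s*;")

# Interfaces seen in the poster's syslog lines (lo, eth0, ppp0).
HOST_INTERFACES = ["127.0.0.1", "172.16.1.2", "172.16.1.1"]

# Constructed snippets: the original options block has no listen-on at all,
# the fixed one carries the suggested statement, the third is the doc example.
ORIGINAL_CONF = 'options {\n    directory "/var/named";\n    forward only;\n};\n'
FIXED_CONF = 'options {\n    directory "/var/named";\n    listen-on { 172.16.1.2 ; } ;\n};\n'
DOC_CONF = ('options {\n    listen-on { 5.6.7.8; };\n'
            '    listen-on port 1234 { !1.2.3.4; 1.2/16; };\n};\n')


def normalize_prefix(text: str) -> ipaddress.IPv4Network:
    """Turn a BIND-style element such as '1.2/16' or '5.6.7.8' into a network.
    BIND lets trailing octets of a prefix be omitted; ipaddress does not, so
    pad with zeros before handing the string over."""
    addr, plen = text.split("/", 1) if "/" in text else (text, "32")
    octets = addr.split(".")
    if len(octets) > 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"bad address element: {text!r}")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{plen}", strict=False)


def parse_listen_on(conf: str) -> List[Tuple[int, List[Tuple[bool, ipaddress.IPv4Network]]]]:
    """Extract every listen-on statement as (port, [(negated, network), ...])."""
    statements = []
    for port, body in LISTEN_RE.findall(conf):
        elements = []
        for raw in body.split(";"):
            raw = raw.strip()
            if not raw:
                continue
            negated = raw.startswith("!")
            elements.append((negated, normalize_prefix(raw.lstrip("!").strip())))
        statements.append((int(port) if port else 53, elements))
    return statements


def address_allowed(addr: str, elements) -> bool:
    """address_match_list rule: the first element that matches decides; a
    negated element rejects; an address matching nothing is not allowed."""
    ip = ipaddress.IPv4Address(addr)
    for negated, net in elements:
        if ip in net:
            return not negated
    return False


def bound_sockets(conf: str, interfaces: List[str]) -> List[Tuple[str, int]]:
    """Return the sorted (address, port) pairs named would listen on.
    With no listen-on statement, every interface is bound on port 53."""
    statements = parse_listen_on(conf)
    if not statements:
        return sorted((a, 53) for a in interfaces)
    sockets = set()
    for port, elements in statements:
        for a in interfaces:
            if address_allowed(a, elements):
                sockets.add((a, port))
    return sorted(sockets)


if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL_CONF), ("fixed", FIXED_CONF)):
        print(label, bound_sockets(conf, HOST_INTERFACES))
    print("doc example", bound_sockets(DOC_CONF, ["5.6.7.8", "1.2.3.4", "1.2.5.6", "10.0.0.1"]))
```

One point the model makes visible: once a listen-on statement is present it replaces the default of "all interfaces", so `listen-on { 172.16.1.2; };` drops 127.0.0.1 as well as the ppp0 address. If local programs resolve through the loopback address, list it too (`listen-on { 127.0.0.1; 172.16.1.2; };`), and confirm the result from the "listening on" lines named logs at startup and on each interface-interval rescan.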
On Fri, 02 Nov 2001 10:26:18 bind at col7.metta.lk wrote:
> Hi all,
>
> I run named 8.2.2-P5 on my RH7.0
> I have a bit of a problem with my dns
>
> I need to find the options available in bind,
> because I need to make bind listen on only one IP
>
> Is there an option something like this.
> interface-listen-only-on 172.16.1.2 (my lan card ip)
> What happens is that when a user is logged in
> the dns will reload the dns and listen on
>
> 172.16.1.2 my lan card
> 172.16.1.1 the ppp connection.
>
> Nov 3 00:22:20 narada named[5845]: listening on [127.0.0.1].53 (lo)
> Nov 3 00:22:20 narada named[5845]: listening on [172.16.1.2].53 (eth0)
> Nov 3 00:22:20 narada named[5845]: listening on [172.16.1.1].53 (ppp0)
>
> I do not want it ever to listen on 172.16.1.1
>
> Thanks for your help
>
> Mettavihari
>
> Below is my named.conf
> -------------------------------------------------
> options {
>     version "Not today!";
>     pid-file "/var/named/named.pid";
>     directory "/var/named";
>     // statistics-interval 0;
>     interface-interval 5;
>     forward only;
>     forwarders {};
> };
>
> zone "." {
>     type hint;
>     file "root.hints";
> };
> zone "col7.metta.lk" {
>     type master;
>     file "pz/col7.metta.lk";
>     notify no;
> };
> zone "metta.lk" {
>     type master;
>     file "pz/metta.lk";
>     notify no;
> };
> zone "0.0.127.in-addr.arpa" {
>     type master;
>     file "pz/127.0.0";
> };
> zone "1.16.172.in-addr.arpa" {
>     type master;
>     file "pz/172.16.1";
>     notify no;
> };
>
> ------------------------------------------
> $TTL 86400 ; default time-to-live - 24 hours
> @ IN SOA narada.col7.metta.lk. metta at col7.metta.lk. (
>     2000080506 ; serial
>     86400 ; refresh
>     36000 ; retry
>     2592000 ; expire
>     86400 ; default_ttl
> )
> @ IN NS col7.metta.lk.
> @ IN MX 10 narada.col7.metta.lk.
> localhost IN A 127.0.0.1
> narada IN A 172.16.1.1
> narada IN A 172.16.1.2
> narada IN MX 10 narada.col7.metta.lk.
> narada IN HINFO "Pentium-I" "Linux RH7.0"
> dvf IN A 172.16.1.3
> metta04 IN A 172.16.1.4
> metta05 IN A 172.16.1.5
> metta06 IN A 172.16.1.6
> metta07 IN A 172.16.1.7
> harsha IN A 172.16.1.8
> metta09 IN A 172.16.1.9
> col7.metta.lk. IN A 172.16.1.2
> col7.metta.lk. IN A 172.16.1.1
> col7.metta.lk. IN MX 10 narada.col7.metta.lk.
>
> --------------------------------------------
> A saying of the Buddha from http://metta.lk/
> --------------------------------------------
> Whoever lives contemplating pleasant things, with senses unrestrained,
> in food immoderate, indolent, inactive, him verily Mara overthrows, as
> the wind (overthrows) a weak tree.
> Random Dhammapada Verse 7