Hidden Master

Michael Kjorling michael at kjorling.com
Tue Nov 6 21:54:09 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Nov 6 2001 16:42 -0500, Chimento, Douglas wrote:

> I assume that the below implementation is OK, meaning that there are no critical
> issues.
> In particular, I am concerned with the SOA record.
> Thanks
>
>
> MASTER SERVER: realmaster
> address: 192.168.0.1
> named.conf :
> ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
>
> 		zone hideme.com IN {
> 		   type master;
> 	  		file "hideme.com"
> 		};
>
> ;;;;;;;;;;;;;;;;;;;;; END NAMED.CONF ;;;;;;;;;;;;;;;;;;;;

Looks OK apart from the missing semicolon after 'file "hideme.com"',
but you probably want more to your named.conf than this (especially if
you're using BIND 9). But that's a different issue.


> FILE: hideme.com
>
> ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> @  86400   IN      SOA   ns1 fwis (

In a stealth master configuration, you have to set the SOA MNAME to
the "real" master, not the published one. At least I think it is that
way. Would someone please confirm or deny this?

>             3600
> 		6400
> 		604800
> 		86400 )
>
>         86400   IN      NS      ns1
>         900     IN      MX      10 mail1
>         900     IN      MX      10 mail2
>
> testing 15      IN      WKS     207.252.119.31  tcp  telnet

Aren't WKS RRs long since deprecated?


> ns1               IN      A       207.252.119.31
> srp00           IN      A       207.252.119.32
>
> ;;;;;;;;;;;;;;;;;; end FILE hideme.com ;;;;;;;;;;;;;;;;;;
>
>
>
> ----------------------------------------------------------------------------
>
> Slave Server: ns1.hideme.com
> ADDRESS: 207.252.119.31
>
> named.conf:
> 	zone hideme.com {
> 		type slave;
>    	           file "hideme.com";
>        	           masters { 192.168.0.1;  };  // The "realmaster"
> 	};

Looks OK to me, with the same reservation as above. (And of course
assuming that ns1 can get to 192.168.0.1 somehow.)


Michael Kjörling

- -- 
Michael Kjörling  --  Programmer/Network administrator  ^..^
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e   \/
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4

"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001, www.hifler.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html

iD8DBQE76FwFKqN7/Ypw4z4RAuejAJ0TJgpgZQHGsn6mmEDCU70RgsEjIQCeLj59
0GcSLxBN2w1JaQ+r41rqwSY=
=o3Y5
-----END PGP SIGNATURE-----
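
A small audit of the points raised in this reply, added here as an example (not code from either poster or from BIND): it parses the quoted hideme.com file and reports the SOA MNAME, whether that name is also a published NS, how many numeric SOA fields are present (RFC 1035 defines five: serial, refresh, retry, expire, minimum), and any WKS records. The parser covers only the syntax this file uses; the names `records` and `audit` are made up for the example.

```python
import re

# hideme.com as quoted in the message above, "> " markers removed.
ZONE = """\
@  86400   IN      SOA   ns1 fwis (
            3600
            6400
            604800
            86400 )
        86400   IN      NS      ns1
        900     IN      MX      10 mail1
        900     IN      MX      10 mail2
testing 15      IN      WKS     207.252.119.31  tcp  telnet
ns1               IN      A       207.252.119.31
srp00           IN      A       207.252.119.32
"""

def records(text):
    """Yield (owner, type, rdata) tuples, joining ( ... ) continuations."""
    owner, buf, depth = "@", [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]              # strip comments
        if not line.strip():
            continue
        if depth == 0:
            inherit = line[0].isspace()           # leading blank: reuse last owner
        depth += line.count("(") - line.count(")")
        buf += re.sub(r"[()]", " ", line).split()
        if depth > 0:
            continue                              # record continues on next line
        owner = owner if inherit else buf.pop(0)
        while buf[0].isdigit() or buf[0].upper() == "IN":
            buf.pop(0)                            # optional TTL and class
        yield owner, buf[0].upper(), buf[1:]
        buf = []

def audit(text):
    recs = list(records(text))
    soa = next(rd for _, t, rd in recs if t == "SOA")
    ns = {rd[0] for _, t, rd in recs if t == "NS"}
    return {
        "mname": soa[0],                          # names compared as written (relative)
        "mname_is_published_ns": soa[0] in ns,
        "soa_numeric_fields": len(soa[2:]),       # RFC 1035: serial refresh retry expire minimum
        "wks_owners": [o for o, t, _ in recs if t == "WKS"],
    }

if __name__ == "__main__":
    print(audit(ZONE))
```

On the quoted file this reports MNAME `ns1`, which is also the only published NS, four numeric SOA fields, and one WKS record at `testing`.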




More information about the bind-users mailing list