Ancient history - using a port other than 53 for DNS

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Fri Mar 22 17:14:57 UTC 2002 

Dennis Kelly <kellyrd at nauticom.net> wrote:


> phn at icke-reklam.ipsec.nu wrote:

>> How about discussing THE PROBLEM first - chances are
>> that you are not helped by running another named bound to
>> another port.
>>

> All right, here goes, but I warned you.

Have you read about bind-9 Views ?

Views will make the answer depend on the questioneers ip-address, 
coming from outside - return "outside answer", coming from inside - 
return "internal answer"


> I manage a small domain which is essentially the outside presence of our
> company. Our inside is a very large domain, managed by a support organization.
> For my small domain, I keep separate DNS for inside and outside so as to hide
> some hosts and to correctly direct MX to the border servers without undo
> rejects. I use h2n to build tables for both my inside and outside at the same
> time on a single server (we'll call it A). That server is primary master for
> the outside tables, and my Internet advertised DNS servers zone transfer from
> that primary master (A). There are 2 inside DNS servers (we'll call them B and
> C) which need to get the inside version of the tables, and to date, I'm using
> manual transfers to those servers. B and C think they are primary for the
> transferred tables. I do not have control of B and C (they also operate to
> master the large internal domain), so I must except their 4.[89].x versions of
> bind. I do have the delegated privilege of moving my tables to B and C and
> executing SIGHUP.

> This domain, as you might have guessed is particularly stable; changes occur
> approximately bi-monthly. However, this process recently became more complex,
> so I was looking for a way to automate the inside transfers. My idea was that I
> would run a second named on A at an alternate port, and have servers B and C
> setup as secondaries to A. Clearly, the zone transfer request from B to A and
> from C to A would have to target the alternate port on A, instead of the normal
> 53 port, in order to get the alternate data. The question, then was, "can I
> specify an alternate port which applies to a single host in a secondary zone
> line of a named.boot file?"

> My obvious alternative is to build an A-prime to take the role of primary
> master for the inside version of the tables, but that looks less elegant.



> -- Binary/unsupported file stripped by Ecartis --
> -- Type: text/x-vcard
> -- File: kellyrd.vcf
> -- Desc: Card for Dennis Kelly




-- 
Peter Håkanson         
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but i'm trying to keep spam out.
	   Remove "icke-reklam" and it works.

More information about the bind-users mailing list