reverse lookup question
ragan_davis at colstate.edu
Sat Sep 25 01:58:48 UTC 2004
Barry,
Thanks for the response. I think I've almost got it. Could you give me what the internal view might look like in named.conf, according to your solution (with zones, etc.)?
thanks!
----- Original Message -----
From: Barry Margolin <barmar at alum.mit.edu>
Date: Friday, September 24, 2004 8:26 pm
Subject: Re: reverse lookup question
> In article <cj2bmc$28t8$1 at sf1.isc.org>, ragan_davis at colstate.edu wrote:
> > Hi,
> >
> > Just wondering if anyone knows of a way to restrict who can perform reverse
> > lookups? I was able to restrict normal (forward) lookups using "view". My
> > problem is that the addresses I would like to restrict reverse on are
> > scattered among IPs that I DO NOT want to restrict. Any ideas?
> >
> > Here's an example:
> >
> > 1 IN PTR host1.domain.com.
> > 2 IN PTR host2.domain.com.
> > 3 IN PTR host3.domain.com.
> > 4 IN PTR host4.domain.com.
> >
> > I want everyone to be able to reverse lookup on 1 and 3, but only certain
> > internal clients to do reverse lookup on 2 and 4. Is this possible?
>
> You could use a technique similar to RFC 2317. Make the in-addr.arpa
> records CNAME records:
>
> 1 IN CNAME 1.public.reverse.domain.com.
> 2 IN CNAME 2.internal.reverse.domain.com.
> 3 IN CNAME 3.public.reverse.domain.com.
> 4 IN CNAME 4.internal.reverse.domain.com.
>
> Put both public.reverse.domain.com and internal.reverse.domain.com in
> your internal view, but only public.reverse.domain.com in your public
> view. These two zones would contain the actual PTR records.
>
> > Also, another dumb question -- do you have to name reverse lookup files in
> > the form "1.2.3.4.in-addr.arpa"? Or could you use a name like
> > "special-revers.in-addr.arpa" or something?
>
> You can name *files* anything you want. I think you actually meant to
> ask about the zone names, not the file names.
>
> When someone is performing a reverse lookup, they're going to take an IP
> address like 1.2.3.4 and look for 4.3.2.1.in-addr.arpa. If you don't
> name your reverse zone according to that scheme, they won't find it.
> However, by using CNAME records, you can map names from the conventional
> scheme to any other scheme you want.
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
>
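
A sketch of the named.conf layout that the quoted answer describes, added here as an example; it is not from either poster. The 192.0.2.0/24 network (reverse zone 2.0.192.in-addr.arpa), the 10.0.0.0/8 ACL and all file names are constructed placeholders.

```conf
// Added example, not from the thread. Constructed placeholders: the
// 192.0.2.0/24 network, the 10.0.0.0/8 ACL and every file name.
acl "internal-clients" { 10.0.0.0/8; localhost; };

// Views are tried in order and the first match-clients hit wins, so the
// restricted view has to come before the catch-all one.
view "internal" {
    match-clients { "internal-clients"; };

    // Conventional reverse zone: holds only the CNAMEs for 1, 2, 3 and 4.
    zone "2.0.192.in-addr.arpa" {
        type master;
        file "db.192.0.2.cname";
    };
    // PTR records for 1 and 3.
    zone "public.reverse.domain.com" {
        type master;
        file "db.public.reverse";
    };
    // PTR records for 2 and 4; this zone exists in the internal view only.
    zone "internal.reverse.domain.com" {
        type master;
        file "db.internal.reverse";
    };
    // The forward zones served to internal clients also go in this view.
};

view "public" {
    match-clients { any; };

    // Same CNAME zone and same file as in the internal view.
    zone "2.0.192.in-addr.arpa" {
        type master;
        file "db.192.0.2.cname";
    };
    zone "public.reverse.domain.com" {
        type master;
        file "db.public.reverse";
    };
    // internal.reverse.domain.com is deliberately absent here, so the
    // CNAMEs for 2 and 4 lead to no PTR data for outside clients.
    // The forward zones served to everyone else also go in this view.
};
```

Outside clients still receive the CNAME for 2 and 4, so the name internal.reverse.domain.com is visible to them; only the PTR data behind it is withheld. Once any view is defined, every zone statement has to sit inside a view.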