reverse lookup question
Barry Margolin
barmar at alum.mit.edu
Sat Sep 25 04:56:50 UTC 2004
In article <cj2kb7$2rcr$1 at sf1.isc.org>, ragan_davis at colstate.edu wrote:
> Barry,
>
> Thanks for the response. I think I've almost got it. Could you give me what
> the internal view might look like in named.conf, according to your solution
> (with zones, etc.)?
view "internal" {
    ...
    zone "public.reverse.domain.com" {
        ...
    };
    zone "internal.reverse.domain.com" {
        ...
    };
    zone "2.3.4.in-addr.arpa" {
        ...
    };
};

view "public" {
    ...
    zone "public.reverse.domain.com" {
        ...
    };
    zone "2.3.4.in-addr.arpa" {
        ...
    };
};
Both views would use the same 2.3.4.in-addr.arpa zone file. But since
the internal.reverse.domain.com zone doesn't exist in the public zone,
the CNAME records that point into it will not refer to anything.
>
> thanks!
>
> ----- Original Message -----
> From: Barry Margolin <barmar at alum.mit.edu>
> Date: Friday, September 24, 2004 8:26 pm
> Subject: Re: reverse lookup question
>
> > In article <cj2bmc$28t8$1 at sf1.isc.org>, ragan_davis at colstate.edu
> > wrote:
> > > Hi,
> > >
> > > Just wondering if anyone knows of a way to restrict who can perform
> > > reverse lookups? I was able to restrict normal (forward) lookups
> > > using "view". My problem is that the addresses I would like to
> > > restrict reverse on are scattered among IPs that I DO NOT want to
> > > restrict. Any ideas?
> > >
> > > Here's an example:
> > >
> > > 1 IN PTR host1.domain.com.
> > > 2 IN PTR host2.domain.com.
> > > 3 IN PTR host3.domain.com.
> > > 4 IN PTR host4.domain.com.
> > >
> > > I want everyone to be able to reverse lookup on 1 and 3, but only
> > > certain internal clients to do reverse lookup on 2 and 4. Is this
> > > possible?
> >
> > You could use a technique similar to RFC 2317. Make the in-addr.arpa
> > records CNAME records:
> >
> > 1 IN CNAME 1.public.reverse.domain.com.
> > 2 IN CNAME 2.internal.reverse.domain.com.
> > 3 IN CNAME 3.public.reverse.domain.com.
> > 4 IN CNAME 4.internal.reverse.domain.com.
> >
> > Put both public.reverse.domain.com and internal.reverse.domain.com in
> > your internal view, but only public.reverse.domain.com in your public
> > view. These two zones would contain the actual PTR records.
> >
> > > Also, another dumb question -- do you have to name reverse lookup
> > > files in the form "1.2.3.4.in-addr.arpa"? Or could you use a name
> > > like "special-revers.in-addr.arpa" or something?
> >
> > You can name *files* anything you want. I think you actually meant to
> > ask about the zone names, not the file names.
> >
> > When someone is performing a reverse lookup, they're going to take an
> > IP address like 1.2.3.4 and look for 4.3.2.1.in-addr.arpa. If you
> > don't name your reverse zone according to that scheme, they won't
> > find it. However, by using CNAME records, you can map names from the
> > conventional scheme to any other scheme you want.
> >
> > --
> > Barry Margolin, barmar at alum.mit.edu
> > Arlington, MA
> > *** PLEASE post questions in newsgroups, not directly to me ***
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
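
The following is an added example, not part of the original post or of BIND: a small Python model of the two views described above, showing what a reverse lookup yields from each side. It assumes a view can be reduced to "the set of zones the client can see"; the record data is constructed from the placeholder names used in the thread, and `load` and `reverse_lookup` are hypothetical helper names.

```python
# Added illustration: each view is modelled as the list of zones it serves.
# Zone contents are constructed from the thread's placeholder records.
ZONES = {
    "2.3.4.in-addr.arpa": """
        1 IN CNAME 1.public.reverse.domain.com.
        2 IN CNAME 2.internal.reverse.domain.com.
        3 IN CNAME 3.public.reverse.domain.com.
        4 IN CNAME 4.internal.reverse.domain.com.
    """,
    "public.reverse.domain.com": """
        1 IN PTR host1.domain.com.
        3 IN PTR host3.domain.com.
    """,
    "internal.reverse.domain.com": """
        2 IN PTR host2.domain.com.
        4 IN PTR host4.domain.com.
    """,
}
# Same 2.3.4.in-addr.arpa data in both views; only the internal view has the internal PTR zone.
VIEWS = {
    "internal": ["2.3.4.in-addr.arpa", "public.reverse.domain.com", "internal.reverse.domain.com"],
    "public": ["2.3.4.in-addr.arpa", "public.reverse.domain.com"],
}

def load(view):
    """Return {(fqdn, rrtype): target} for every zone configured in the view."""
    records = {}
    for origin in VIEWS[view]:
        for line in ZONES[origin].strip().splitlines():
            owner, _cls, rrtype, target = line.split()
            records[(f"{owner}.{origin}.", rrtype)] = target
    return records

def reverse_lookup(view, ip):
    """Resolve ip's PTR as seen from the view. Returns (cname_chain, ptr_or_None)."""
    records = load(view)
    name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    chain = []
    while (name, "CNAME") in records:      # follow the RFC 2317-style indirection
        name = records[(name, "CNAME")]
        chain.append(name)
    return chain, records.get((name, "PTR"))

if __name__ == "__main__":
    for view in VIEWS:
        for ip in ("4.3.2.1", "4.3.2.2"):
            print(view, ip, reverse_lookup(view, ip))
```

In the public view the CNAME for an internal address is still answered, so the target label under internal.reverse.domain.com is visible to outside clients even though the host name behind it is not.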