Migrating from W2K DNS to Bind

Ronald I. Nutter ronald_nutter at georgetowncollege.edu
Fri Apr 29 12:53:31 UTC 2005


Thanks to Cricket and others who have answered my questions recently.  I
am thinking about taking on another project - getting rid of W2K for
external DNS.  I have to keep the server running W2K for another reason
but want to change to Bind. The W2K box is my primary and the Linux box
is secondary.  To minimize downtime, I am trying to figure out the best
way to make the change.  Should I make the Linux box, which is a
secondary DNS, the primary and then uninstall DNS on the W2K box,
install Bind and bring it up as a secondary?  Any suggestions on
making this kind of migration?

Thanks,
Ron

--------------------------------------------------------------------
Ron Nutter                          ron_nutter at georgetowncollege.edu
Network Infrastructure & Security Manager
Information Technology Services                        (502)863-7002
Georgetown College
Georgetown, KY                                            40324-1696
--------------------------------------------------------------------

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Robert Vangel
Sent: Friday, April 29, 2005 5:43 AM
To: bind-users at isc.org
Subject: Re: preventing queries to servers


markdv.bind at asphyx.net wrote:
> Hi,
>
> I would like to prevent queries to rfc1918 addresses on a caching
> nameserver.
>
> The server has a public IP to which clients query. But it is also
> connected to 'back-end' networks using rfc1918 addresses. I would like
> to prevent queries sent over this network when public zones contain ns
> records resolving to rfc1918 addresses in ranges I also use.
>
> I was thinking along the lines:
>
> server 10.0.0.0/8 {
>     bogus yes;
> };
>
> but the 'server' statement only allows ip_addr and not ip_prefix... Is
> there some other way to achieve the same thing?
>
> Wouldn't it be useful if 'server' also supported ip_prefix? Or even
> an acl?
>
> Regards,
> Mark.
>
allow-query { localnets; }; ?

