"Stealth" bind server in uncooperative organization

Barry Margolin barmar at alum.mit.edu
Thu Jun 30 03:34:00 UTC 2005


In article <d9vcsi$3pi$1 at sf1.isc.org>, meburr at gmail.com wrote:

> The company I work for has been acquired by a huge Windows shop. I'd
> like to set up an authoritative server for what is now a "remote
> office" (the acquired company). A sub-domain isn't an option. I've
> asked.
> 
> I want to be able to add records for hosts on our network, without
> having to go through corporate IS (submit a ticket and wait, and wait).
> I could set up a server for a sub-domain of my choosing, but I want for
> my hosts to be resolvable outside of our office. Of course for these
> I'll have to go through IS.
> 
> As far as I can tell, if I'm authoritative for foo.com, I cannot do any
> kind of forwarding for hosts that my server doesn't know about within
> foo.com. Is there any way around this? As a last resort, I was thinking
> about a script that would look up hosts that fail using a different
> nameserver, and add them to my zone. If that's what I have to do, is
> there a hook somewhere that I could use, like a "failed-queries-script"
> parameter?

Don't make yourself authoritative for foo.com.  Create separate zones 
for each of the xxx.foo.com hosts you want to be authoritative for.

zone "host1.foo.com" {
  type master;
  file "host1.db";
};
zone "host2.foo.com" {
  type master;
  file "host2.db";
};
....

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
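
The per-host zones suggested in the reply above, generated from a host list; this is an added example, not part of the original post. Each zone file puts the host's A record at the zone apex (@), so the server is authoritative for that one name only and every other foo.com name still resolves through the normal path. The name server name, SOA contact, addresses and serial are constructed placeholders.

```shell
#!/bin/sh
# Added example: one BIND master zone per host name.
# NS_NAME, CONTACT and all addresses are assumptions made for illustration.

NS_NAME="ns.office.example."          # assumed name of the local name server
CONTACT="hostmaster.office.example."  # assumed SOA contact (RNAME)

# zone_stanza FQDN -> named.conf stanza for a zone rooted at that host name.
# The file name is the first label, as in the post (host1.foo.com -> host1.db),
# so two hosts with the same first label would collide.
zone_stanza() {
  short=${1%%.*}
  printf 'zone "%s" {\n  type master;\n  file "%s.db";\n};\n' "$1" "$short"
}

# zone_file IPV4 SERIAL -> zone file body; every record sits at the apex (@),
# which named expands to the zone name given in the stanza.
zone_file() {
  printf '$TTL 3600\n'
  printf '@ IN SOA %s %s ( %s 3600 900 604800 3600 )\n' "$NS_NAME" "$CONTACT" "$2"
  printf '@ IN NS  %s\n' "$NS_NAME"
  printf '@ IN A   %s\n' "$1"
}

# generate OUTDIR SERIAL < lines of "fqdn ipv4"
# Writes OUTDIR/zones.conf (to be included from named.conf) and one .db per host.
generate() {
  outdir=$1; serial=$2
  : > "$outdir/zones.conf"
  while read -r fqdn ip; do
    [ -n "$fqdn" ] || continue            # skip blank lines
    zone_stanza "$fqdn" >> "$outdir/zones.conf"
    zone_file "$ip" "$serial" > "$outdir/${fqdn%%.*}.db"
  done
}

# Usage: sh genzones.sh OUTDIR < hosts.txt
# hosts.txt (constructed sample):  host1.foo.com 192.0.2.10
if [ -n "${1:-}" ]; then
  generate "$1" "$(date +%Y%m%d)01"
fi
```

Each generated file can be checked with `named-checkzone host1.foo.com host1.db` before named is reloaded.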


