How to control own domain/zonefile ?

Barry Margolin barmar at alum.mit.edu
Thu Dec 7 04:20:37 UTC 2006


In article <el801h$2jsd$1 at sf1.isc.org>,
 Clenna Lumina <savagebeaste at yahoo.com> wrote:

> If I may ask just one more question, how exactly would 
> I set up bind so I can:
> 
> 
> 1) handle mydomain.com (as I mentioned in my 
>    original post.) I can easily set the 
>    name server entry in my registrar's DNS applet.

Configure the mydomain.com zone in your named.conf file.

> 2) handle local.mydomain.com, as a sub domain of 
>    sorts that's only valid on the local LAN that 
>    my Linux server is a part of; only computers 
>    on this LAN are assigned local.mydomain.com. 
>    The dhcpd that comes with Linux makes it easy 
>    to set that for clients.
> 
>    IE:
>       foo.local.mydomain.com => client host 'foo' 
>       bar.local.mydomain.com => client host 'bar' 
>       ...
> 
>    Also local.mydomain.com is NOT to be 
>    accessible from the internet.. LAN only.

Configure the local.mydomain.com zone in your named.conf file, and use 
the "allow-query" option in the zone to restrict access to your local 
subnet.

> 3) And finally, I want my bind to also forward 
>    outside-destined requests to our ISP's DNS 
>    server(s), that way the clients can use the 
>    Linux's IP for DNS for everything.

Why do you want to do that?  What's wrong with the default behavior of 
iterating from the root servers?

But if you really prefer to use your ISP's servers rather than iterating 
yourself, use the "forwarders" option.

> I also want to be able to keep the mydomain.com zone 
> file separate from the local.mydomain.com zone file, 
> as the latter is for the LAN only and need not be 
> accessible from the internet.

zone "mydomain.com" {
  type master;
  file "db.mydomain.com";
};
zone "local.mydomain.com" {
  type master;
  file "db.local.mydomain.com";
  allow-query { 192.168.1.0/24; localhost; };
};

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
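
Added example, not part of the original post and not the poster's or ISC's own configuration: one named.conf that combines the three answers above (public zone, LAN-only zone via "allow-query", optional "forwarders"). The ACL name "lan", the forwarder addresses (documentation-range placeholders) and the "allow-recursion" restriction are assumptions added here; the zone names, file names and the 192.168.1.0/24 subnet are the ones used in the thread.

```conf
// Constructed example. "lan" is a hypothetical ACL name reused below so the
// LAN definition lives in one place.
acl "lan" { 192.168.1.0/24; localhost; };

options {
  // Assumption added here: because this host is also reachable from the
  // internet for mydomain.com, recursive (and therefore forwarded) lookups
  // are limited to LAN clients. Outside clients get authoritative answers
  // for mydomain.com and nothing else.
  allow-recursion { "lan"; };

  // Only if the ISP's resolvers are preferred over iterating from the roots.
  // 192.0.2.1 and 192.0.2.2 are placeholders, replace with the ISP's servers.
  forwarders { 192.0.2.1; 192.0.2.2; };
  forward first;   // try the forwarders, iterate from the roots if they fail
};

// Public zone: no allow-query restriction, so anyone may query it.
zone "mydomain.com" {
  type master;
  file "db.mydomain.com";
};

// LAN-only zone: kept in its own file and answered only for the local subnet.
zone "local.mydomain.com" {
  type master;
  file "db.local.mydomain.com";
  allow-query { "lan"; };
};
```

named-checkconf will validate the syntax before a reload. A query for a name under local.mydomain.com sent from outside 192.168.1.0/24 should come back REFUSED, while the same query from a LAN client is answered.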



More information about the bind-users mailing list