BIND redirect all lookups
akmattb
boswell.matt at gmail.com
Fri Mar 21 19:56:42 UTC 2008
On Mar 21, 11:26 am, Barry Margolin <bar... at alum.mit.edu> wrote:
> In article <fs0v0r$312... at sf1.isc.org>,
> David Ford <da... at blue-labs.org> wrote:
>
> > akmattb wrote:
> > > I am in the process of trying to setup a quarantine type vlan on our
> > > company network. I would like to have any computer on that network
> > > have DNS lookups redirected to a local web server that displays a
> > > terms of use page, and other misc information
>
> Create a view on your DNS server that's authoritative for the root zone,
> and this zone contains a wildcard A record that points to your special
> web server. Then put the IPs of the quarantined machines into the
> view's client match ACL.
>
> > Entirely as an aside, there is nothing about "VLAN" that adds any form
> > of security. It's simply 4 extra bytes in the link layer header.
> > Please keep that in mind.
>
> But it's added and processed by the switches, not the leaf nodes, so the
> users can't forge it or get around it.
>
> --
> Barry Margolin, bar... at alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the group ***
helpdesk4 is the name of the server BIND is running on ... it's the
only server that end machines will have contact with.
Would this be like the following for named.conf:
zone "." {
	type master;
	file "db.lockdown";
};
then in db.lockdown:
$ORIGIN .
$TTL 86400
@          IN SOA helpdesk4. hostmaster.helpdesk4. (
               2001062501 ; serial
               21600      ; refresh after 6 hours
               3600       ; retry after 1 hour
               604800     ; expire after 1 week
               86400 )    ; minimum TTL of 1 day
@          IN NS  helpdesk4.     ; the zone will not load without an NS record at the apex
helpdesk4. IN A   192.168.86.1   ; address of the name server itself
*          IN A   192.168.86.1   ; wildcard: every other name resolves to the web server
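Barry's suggestion (a client-matched view that is master for a fake root zone with a wildcard A record) put together as a complete, checkable configuration. This is an added example written for this page, not configuration from the thread or from ISC. It assumes the quarantine VLAN is 192.168.86.0/24, that the server is helpdesk4 at 192.168.86.1 as in the post above, and that hosts outside the ACL should receive ordinary recursive service restricted to an internal range (192.168.0.0/16, also an assumption). The zone TTL is deliberately short so that a machine released from quarantine stops resolving everything to the portal within a minute instead of caching the wildcard answer for a day. The script writes named.conf and db.lockdown into a directory and validates them with named-checkconf and named-checkzone when those tools are installed.

```shell
#!/bin/sh
# Added example (not from the bind-users thread): generate a BIND configuration
# with a quarantine view backed by a wildcard root zone, then validate it.
# Assumed values: quarantine VLAN 192.168.86.0/24, server helpdesk4 at
# 192.168.86.1, internal recursion range 192.168.0.0/16.

# Write named.conf and db.lockdown into the directory given as $1.
write_lockdown_config() {
    dir=$1
    mkdir -p "$dir"

    # Views are tried in order; the quarantine view must come before the
    # catch-all view or it will never be selected.
    cat > "$dir/named.conf" <<EOF
// Added example configuration, not from the thread.
acl quarantine { 192.168.86.0/24; };   // assumed quarantine VLAN range

options {
    directory "$dir";
};

view "quarantine" {
    match-clients { quarantine; };
    recursion no;                      // never resolve real names for these hosts
    zone "." {
        type master;                   // we are "authoritative" for the whole root
        file "db.lockdown";
    };
};

view "default" {
    match-clients { any; };            // everyone not matched above
    recursion yes;
    allow-recursion { 192.168.0.0/16; };   // assumed internal range; avoid an open resolver
};
EOF

    # Quoted heredoc so $ORIGIN and $TTL are written literally.
    cat > "$dir/db.lockdown" <<'EOF'
; Fake root zone for the quarantine view (added example, not from the thread).
; $ORIGIN must be "." so that @ is the apex of zone ".".
$ORIGIN .
$TTL 60
@           IN SOA helpdesk4. hostmaster.helpdesk4. (
                2008032101 ; serial
                3600       ; refresh
                600        ; retry
                604800     ; expire
                60 )       ; negative-cache TTL
@           IN NS  helpdesk4.     ; a zone needs at least one NS record at the apex
helpdesk4.  IN A   192.168.86.1   ; the host running named and the captive web page
*           IN A   192.168.86.1   ; wildcard: every other name points at the portal
EOF
}

# Validate the generated files. Returns 0 when both checkers pass or are not
# installed, 1 when a checker rejects the configuration or zone.
check_lockdown_config() {
    dir=$1
    [ -f "$dir/named.conf" ] && [ -f "$dir/db.lockdown" ] || return 1
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$dir/named.conf" || return 1
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone . "$dir/db.lockdown" || return 1   # zone name is "."
    fi
    return 0
}

# Usage: sh lockdown.sh /etc/bind/lockdown
if [ -n "${1:-}" ]; then
    write_lockdown_config "$1"
    check_lockdown_config "$1" && echo "wrote and checked $1/named.conf and $1/db.lockdown"
fi
```

Quarantined clients will ask for arbitrary names and get 192.168.86.1 for all of them, so the web server on that address also needs a default virtual host that answers regardless of the Host header; HTTPS requests from those clients will still fail certificate validation, which nothing on the DNS side can change.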
More information about the bind-users mailing list