dealing with multi-homed machine

Mark Andrews marka at isc.org
Wed Feb 9 02:33:32 UTC 2011


In message <C7798A38-E7AE-4112-A6B6-8CA117FEEE81 at beth.k12.pa.us>, donovan jeffrey j writes:
> 
> On Feb 8, 2011, at 5:17 PM, Mark Andrews wrote:
> 
> > 
> > In message <3AD9C812-CBA3-4DCD-A27E-26E63D912865 at beth.k12.pa.us>, donovan jeffrey j writes:
> >> Greetings
> >> 
> >> I have an external dns server that serves a group of systems. One of the
> >> systems has a secondary interface with private address space. Dns should
> >> not be requesting from here but I am seeing these warnings coming from my
> >> external system;
> >> 
> >> security: warning: client 209.96.96.108#49534: view com.basd.DNS.public: RFC 1918 response from Internet for 108.1.135.10.in-addr.arpa
> >> 
> >> 
> >> how do I keep that internal zone from being seen? Do I have to firewall
> >> dns queries between interfaces on the server?
> >> tia
> > 
> > Please go read the FAQ. http://www.isc.org/software/bind/faq
> 
> thanks mark,
> 
> It appears my case may be a programming error from the server admin. But this
> brings up the case of views.
> 
> on my external dns server I should add an empty zone file? what does that
> send back to the offending request?

It sends back NXDOMAIN responses except for apex queries.  This is all
the public servers do.

> zone "10.IN-ADDR.ARPA" {
>         type master;
>         file "empty";
> };
> 
> is there a way I can redirect him back to the Internal dns server for 1918
> requests,... ( and I think the answer is ,.. let the internal answer the
> initial request so it never comes up to the outside).

The internal DNS servers, handed out by DHCP, should be configured
to serve the IN-ADDR.ARPA reverse zones for the RFC 1918 addresses
you are using.  You can then add PTR records for your internal
machines using RFC 1918 addresses.

Because they weren't configured to do so the queries leaked out to
the Internet and the code to report these leaks kicked in.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
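
An added example, not part of the original thread and not ISC or BIND code: a Python script that reads warnings of the form quoted above and reports which RFC 1918 reverse zones the internal servers still need to serve, with the clients whose queries leaked. Only the first sample line comes from the thread; the other log lines, the function names and the exact log layout without a view are assumptions.

```python
import re
from collections import defaultdict

# Matches the warning form quoted in the thread; the "view ...:" part is optional.
LEAK_RE = re.compile(
    r"client (?P<client>[0-9A-Fa-f.:]+)#\d+: (?:view \S+: )?"
    r"RFC 1918 response from Internet for (?P<qname>\S+)"
)

# First line is the warning from the thread; the rest are constructed samples.
SAMPLE_LOG = [
    "security: warning: client 209.96.96.108#49534: view com.basd.DNS.public: "
    "RFC 1918 response from Internet for 108.1.135.10.in-addr.arpa",
    "security: warning: client 192.0.2.7#5353: "
    "RFC 1918 response from Internet for 4.3.20.172.in-addr.arpa",
    "security: warning: client 192.0.2.7#40000: "
    "RFC 1918 response from Internet for 9.1.168.192.in-addr.arpa",
    "general: info: zone example.test/IN: loaded serial 1",
]

def reverse_zone(qname):
    """Return the RFC 1918 reverse zone covering an in-addr.arpa name, else None."""
    labels = qname.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        octets = [int(label) for label in reversed(labels[:-2])]  # network order
    except ValueError:
        return None
    if not 1 <= len(octets) <= 4 or any(not 0 <= o <= 255 for o in octets):
        return None
    if octets[0] == 10:
        return "10.in-addr.arpa"
    if len(octets) >= 2 and octets[0] == 172 and 16 <= octets[1] <= 31:
        return f"{octets[1]}.172.in-addr.arpa"
    if octets[:2] == [192, 168]:
        return "168.192.in-addr.arpa"
    return None

def leaked_zones(log_lines):
    """Map each leaked RFC 1918 reverse zone to the clients named in its warnings."""
    zones = defaultdict(set)
    for line in log_lines:
        m = LEAK_RE.search(line)
        zone = reverse_zone(m.group("qname")) if m else None
        if zone:
            zones[zone].add(m.group("client"))
    return {zone: sorted(clients) for zone, clients in sorted(zones.items())}

if __name__ == "__main__":
    for zone, clients in leaked_zones(SAMPLE_LOG).items():
        print(f"{zone}: serve internally; leaked via {', '.join(clients)}")
```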



More information about the bind-users mailing list