No subject

Roberto Carna robertocarna36 at gmail.com
Tue Feb 19 18:29:02 UTC 2019 

Dear Matus and Kevin, please tell me if it's OK if I do thsi:

*named.conf:*
include "/etc/bind/named.conf.default-zones";

*named.conf.default-zones:*
recursion yes;
zone "teamviewer.com" {
    type forward;
    forwarders { 8.8.8.8; };
};

*named.conf.local:*
<empty>

I define "recursion yes" in named.conf.default-zones.

Thanks again, regards !!!

El mar., 19 feb. 2019 a las 15:13, Matus UHLAR - fantomas via bind-users (<
bind-users at lists.isc.org>) escribió:

> On 19.02.19 09:45, Roberto Carna wrote:
> >Dear Kevin, I am sorry but I didn't see your past response.
> >
> >Please can you show me with an example what you say: "Define root zone.
> >Delegate teamviewer.com from root. Define teamviewer.com as 'type
> forward'".
> >
> >An also what is the benefit in defining a root zone with the
> teamviewer.com
> >delegated into it??? Because I put to work this zone just as a forward
> >zone, without a root zone definition.
>
> the benefit is it does exactly what you want.
> the "teamviewer.com" zone of type forward causes DNS resolution of
> teamviewer.com
> domain.
> the root zone effectively disables everything else (because bind thinks
> nothing else exists).
>
> >El lun., 18 feb. 2019 a las 17:00, Kevin Darcy (<kevin.darcy at fcagroup.com
> >)
> >escribió:
> >
> >> I've already posted a solution for this. Basically, "Define root zone.
> >> Delegate teamviewer.com from root zone. Define teamviewer.com as 'type
> >> forward'".
> >>
> >> "Recursion yes" is implied. No views necessary. It doesn't make any
> sense
> >> anyway, to have the same match-clients list for all of one's views,
> since
> >> the first one matched is the one that's used.
> >>
> >> Did you not see my response, or did you perhaps dislike the approach I
> >> suggested?
> >>
> >> There was some subsequent discussion about not relying on DNS resolution
> >> as one's *only* control over what sites one's clients can or cannot
> access.
> >> While I agree with that, my position is that there's nothing wrong with
> >> controlling DNS resolution, in addition to other controls.
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> M$ Win's are shit, do not use it !
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190219/76c6a85f/attachment-0001.html>

More information about the bind-users mailing list