No subject

Kevin Darcy kevin.darcy at fcagroup.com
Wed Feb 20 19:41:07 UTC 2019


"type master".

It must contain the mandatory records that all zones require -- exactly 1
SOA and at least 2 NSes. You'll need some A/AAAA records to resolve the NS
names into addresses. What the NSes point to is pretty much irrelevant, if
all of your clients are stub resolvers and only look up leaf records (A,
AAAA, MX, etc.)

For the teamviewer.com delegation, you'll need at least 2 NSes, but you can
point those to the same names as the apex NSes, if you wish. That would
save you from having to populate more A/AAAA records in the zone.

If you haven't created a master file before, you might want to study up.
There are a few rules that need to be followed, and certain mistakes to be
avoided (although, for the root zone, the most common mistake -- failure to
dot-terminate names -- tends to be a non-issue :-)


                     - Kevin
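An added example, not part of the original post: a constructed minimal root zone of the kind the message above describes, with a small check of its rules (exactly 1 SOA, at least 2 NS records at the apex and at the teamviewer.com delegation, an A/AAAA record for every NS target). The names ns1.example. and ns2.example., the 192.0.2.x addresses and the helper functions are assumptions; the parser only handles one record per line with an explicit owner and class.

```python
# Constructed sample of the "empty.db" root zone; names and addresses are placeholders.
ROOT_ZONE = """\
$TTL 86400
.                IN SOA ns1.example. hostmaster.example. 1 3600 900 604800 86400
.                IN NS  ns1.example.
.                IN NS  ns2.example.
ns1.example.     IN A   192.0.2.1
ns2.example.     IN A   192.0.2.2
teamviewer.com.  IN NS  ns1.example.
teamviewer.com.  IN NS  ns2.example.
"""

def fqdn(name):
    """With origin '.', a relative name completes to the same name plus a dot."""
    return (name if name.endswith(".") else name + ".").lower()

def parse(zone_text):
    """Map (owner, type) -> [rdata] for one-line 'owner IN type rdata' records."""
    records = {}
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line or line.startswith("$"):   # skip blanks and directives
            continue
        owner, _rrclass, rrtype, rdata = line.split(None, 3)
        records.setdefault((fqdn(owner), rrtype.upper()), []).append(rdata)
    return records

def check_root_zone(zone_text, delegation="teamviewer.com."):
    """Return a list of problems; an empty list means the zone passes."""
    rr = parse(zone_text)
    problems = []
    if len(rr.get((".", "SOA"), [])) != 1:
        problems.append("apex needs exactly 1 SOA")
    for owner in (".", delegation):
        if len(rr.get((owner, "NS"), [])) < 2:
            problems.append(f"{owner} needs at least 2 NS records")
    for (owner, rrtype), targets in rr.items():
        if rrtype != "NS":
            continue
        for target in map(fqdn, targets):
            if not (rr.get((target, "A")) or rr.get((target, "AAAA"))):
                problems.append(f"no A/AAAA record for NS target {target}")
    return problems

if __name__ == "__main__":
    print(check_root_zone(ROOT_ZONE) or "zone has the mandatory records")
```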

On Wed, Feb 20, 2019 at 8:49 AM Roberto Carna <robertocarna36 at gmail.com>
wrote:

> Dear Crist, sorry but I can understand at all what you say.....please I
> need to ask you again:
>
> You tell me to do this:
>
> zone "." {
>     type master;
>     file "empty.db";
> };
>
> The root zone is "type master" or "type hint" ???
>
> The empty.db is really an empty file with no data at all ???
>
> And where do I have to put my current file:
>
> recursion yes;
> zone "teamviewer.com" {
>     type forward;
>     forwarders { 8.8.8.8; };
> };
>
> Thanks in advance, I'll be waiting for your response please.
>
> Greetings!!!
>
> On Wed, Feb 20, 2019 at 0:57, Crist Clark (<cjc+bind-users at pumpky.net>)
> wrote:
>
>> You need to explicitly define the root zone. Last I knew, BIND still
>> gets the root zone hardcoded into the executable and will try to Do
>> the Right Thing and find the root on its own even if the administrator
>> does not define one or provide hints.
>>
>> You need something like,
>>
>> zone "." {
>>     type master;
>>     file "empty.db";
>> };
>>
>>
>> On Tue, Feb 19, 2019 at 10:29 AM Roberto Carna <robertocarna36 at gmail.com>
>> wrote:
>> >
>> > Dear Matus and Kevin, please tell me if it's OK if I do this:
>> >
>> > named.conf:
>> > include "/etc/bind/named.conf.default-zones";
>> >
>> > named.conf.default-zones:
>> > recursion yes;
>> > zone "teamviewer.com" {
>> >     type forward;
>> >     forwarders { 8.8.8.8; };
>> > };
>> >
>> > named.conf.local:
>> > <empty>
>> >
>> > I define "recursion yes" in named.conf.default-zones.
>> >
>> > Thanks again, regards !!!
>> >
>> > On Tue, Feb 19, 2019 at 15:13, Matus UHLAR - fantomas via bind-users
>> > (<bind-users at lists.isc.org>) wrote:
>> >>
>> >> On 19.02.19 09:45, Roberto Carna wrote:
>> >> >Dear Kevin, I am sorry but I didn't see your past response.
>> >> >
>> >> >Please can you show me with an example what you say: "Define root zone.
>> >> >Delegate teamviewer.com from root. Define teamviewer.com as 'type forward'".
>> >> >
>> >> >And also what is the benefit in defining a root zone with the teamviewer.com
>> >> >delegated into it??? Because I put to work this zone just as a forward
>> >> >zone, without a root zone definition.
>> >>
>> >> the benefit is it does exactly what you want.
>> >> the "teamviewer.com" zone of type forward causes DNS resolution of teamviewer.com
>> >> domain.
>> >> the root zone effectively disables everything else (because bind thinks
>> >> nothing else exists).
>> >>
>> >> >On Mon, Feb 18, 2019 at 17:00, Kevin Darcy (<kevin.darcy at fcagroup.com>)
>> >> >wrote:
>> >> >
>> >> >> I've already posted a solution for this. Basically, "Define root zone.
>> >> >> Delegate teamviewer.com from root zone. Define teamviewer.com as 'type
>> >> >> forward'".
>> >> >>
>> >> >> "Recursion yes" is implied. No views necessary. It doesn't make any sense
>> >> >> anyway, to have the same match-clients list for all of one's views, since
>> >> >> the first one matched is the one that's used.
>> >> >>
>> >> >> Did you not see my response, or did you perhaps dislike the approach I
>> >> >> suggested?
>> >> >>
>> >> >> There was some subsequent discussion about not relying on DNS resolution
>> >> >> as one's *only* control over what sites one's clients can or cannot access.
>> >> >> While I agree with that, my position is that there's nothing wrong with
>> >> >> controlling DNS resolution, in addition to other controls.
>> >>
>> >> --
>> >> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>> >> Warning: I wish NOT to receive e-mail advertising to this address.
>> >> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>> >> M$ Win's are shit, do not use it !
>> >> _______________________________________________
>> >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> >> unsubscribe from this list
>> >>
>> >> bind-users mailing list
>> >> bind-users at lists.isc.org
>> >> https://lists.isc.org/mailman/listinfo/bind-users
>> >
>>