Re: Securing DNS


Subject: Re: Securing DNS
From: Darron Froese (darron@froese.org)
Date: Thu Nov 22 2001 - 10:48:11 MST


On 11/21/01 6:04 PM, "Duane Murphy" <duanemurphy@mac.com> wrote:

> I chose to put all my local addresses into my external domain name. For
> example abc.com would be the external domain name. I have addresses for
> example www.abc.com that are external but I also have addresses for things
> like ws1.abc.com for workstation 1. This resolved to a local (192.168.1)
> address.
>
> Is there any way to not send these extra addresses out? It seems if they
> are in the same domain they have to be sent out together and resolution
> all occurs together.

You're correct - I don't know of a way to acl certain hostnames in a hosts
file.

I worked around this by creating a separate subdomain 'internal.domain.com'
and then giving hostnames like this 'workstation.internal.domain.com' to my
internal private network.

Then I would just create a separate hosts file for that subdomain and set it
up so that it can't be resolved outside of my LAN:

zone "internal.domain.com" {
        type master;
        file "internal.domain.com.hosts";
        allow-query {
                local.ip.addresses.here;
                another.local.address.of.firewall;
        };
};

That's how I worked around it.
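
A related check for the situation in the quoted question, added here as an example and not part of the original post: it scans a public zone file for A records that point at RFC 1918 addresses (such as ws1.abc.com), which are the names to move into a query-restricted zone like the one above. The zone contents and addresses are constructed for illustration, and the parser is an assumption-level sketch that handles only simple one-line records.

```python
import ipaddress

# RFC 1918 private ranges; the post's "local (192.168.1)" network falls in the last one.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a public zone for abc.com (addresses are made up).
SAMPLE_ZONE = """\
$ORIGIN abc.com.
$TTL 3600
@        IN  SOA  ns1.abc.com. hostmaster.abc.com. ( 2001112201 3600 900 604800 3600 )
@        IN  NS   ns1.abc.com.
ns1      IN  A    203.0.113.53
www      IN  A    203.0.113.80
ws1      IN  A    192.168.1.11   ; workstation 1
ws2  300 IN  A    192.168.1.12
printer      A    10.0.0.9
"""

def private_a_records(zone_text):
    """Return (owner, address) for each A record pointing into RFC 1918 space."""
    leaks, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]            # drop trailing comments
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue                           # blank line or $ORIGIN/$TTL directive
        if not line[0].isspace():              # owner name present on this line
            owner, fields = fields[0], fields[1:]
        if "A" not in fields:
            continue                           # not an A record (SOA, NS, MX, ...)
        idx = fields.index("A")
        try:
            addr = ipaddress.IPv4Address(fields[idx + 1])
        except (IndexError, ValueError):
            continue                           # malformed record, ignore
        if any(addr in net for net in RFC1918):
            leaks.append((owner, str(addr)))
    return leaks

if __name__ == "__main__":
    for name, addr in private_a_records(SAMPLE_ZONE):
        print(f"private address published: {name} -> {addr}")
```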


