Bill Jonas on Sun, 5 Aug 2001 20:40:06 -0400



Re: [PLUG] home dns notes


On Sun, Aug 05, 2001 at 05:31:48PM -0400, Jeff Abrahamson wrote:
> The problem is that if I claim authority over purple.com, I can't see
> the outside purple things (www, list). If I claim authority over a
> subdomain, I don't get there, since the lookups are com -->
> purple.com, which doesn't know about home.purple.com subdomain.

Is there something I'm missing here?  I can declare myself
authoritative, for example, over doubleclick.net, or ads.doubleclick.net
(to block ads and cookies by making them all resolve to 127.0.0.1 or
something), or, for that matter, .co.uk, or .co.jp, or whatever I want
to, and have the changes take effect.

All you need to do is point your internal machines at the DNS server
*you're* running, and vu-vlsi.ee.vill.edu, ns1.misty.com, and
ftp.ee.vill.edu (your nameservers) will never even see your request for
home.purple.com addresses.  If you leave the clients set to point to
your ISP's nameservers then you'd run into the situation you described.

Now, you may be thinking, wouldn't this slow you down, since you'd be
querying hostnames from the root servers for each new request instead of
taking advantage of the fact that your ISP's nameservers might already
have the lookup cached?  Well, I'm glad you asked.  ;-)  In your
named.conf, assuming you're running BIND v8 (the BIND v9 syntax probably
wouldn't be (much) different), you'd put something like the following in
your "options" section (this is mostly from memory, check the docs for
an authoritative (pun intended) answer):

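  // resolvers to ask before doing a full lookup from the root servers
  forwarders {
    A.B.C.D;
    W.X.Y.Z;
  };

  // try the forwarders first, fall back to normal resolution if they fail
  forward first;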

...where A.B.C.D and W.X.Y.Z are your ISP's nameserver IP addresses.
This will cause BIND to query them first for any host which it doesn't
already know about.  And since you're querying your nameserver first, it
"intercepts" the requests for home.purple.com and answers them, and
those queries never go out on the 'Net.

-- 
Bill Jonas    *    bill@billjonas.com    *    http://www.billjonas.com/
"As we enjoy great advantages from the inventions of others,  we should
be glad of an opportunity to serve others by any invention of ours; and
this we should do freely and generously."          -- Benjamin Franklin
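
The setup described in this message, as an added example that is not part of the original post or anyone's actual configuration: a named.conf (BIND 8.2+/9 syntax) that answers home.purple.com locally and forwards everything else. The ACL name, addresses, directory and file names are placeholders chosen for illustration.

```conf
// Internal resolver for the home LAN. Every address, path and name
// below except "home.purple.com" is an assumed placeholder.

acl "homenet" { 127.0.0.1; 192.168.1.0/24; };   // assumed internal network

options {
    directory "/var/named";                      // assumed zone-file directory

    // Ask the ISP's caches first; if they do not answer, resolve
    // iteratively from the root servers instead.
    forwarders { 192.0.2.53; 192.0.2.54; };      // placeholder ISP resolvers
    forward first;

    // Serve only the home network, so the box is not an open resolver.
    allow-query     { homenet; };
    allow-recursion { homenet; };
};

// Root hints, needed for the fallback when the forwarders fail.
zone "." {
    type hint;
    file "named.root";                           // assumed file name
};

// Internal-only zone. Queries for names under home.purple.com are
// answered from this file and never leave the LAN.
// purple.com itself is NOT declared here, so www.purple.com and
// list.purple.com still resolve through the forwarders as usual.
zone "home.purple.com" {
    type master;
    file "db.home.purple.com";                   // assumed; SOA, NS and A records
    allow-transfer { none; };                    // keep the internal host list private
};
```

Clients on the LAN need this server's address as their only resolver; any client still pointed at the ISP's nameservers will not see the internal zone.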


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug