[TriLUG] Slides from last night's DNS Presentation

Rick DeNatale rick.denatale at gmail.com
Fri Oct 15 17:19:03 EDT 2004


But, since the benefit of zones seems to be to provide one view to the
outside, and another to the inside, if the only folks who can see my
name server are on the inside, what benefit would it give me?

I was trying to remember why I made my zone
local.denhaven2.homeip.net, and it just came to me, it was so that I
could actually get to the router's internet address, since it wouldn't
go out to dyndns which is authoritative for both dyndns.homeip.net and
denhaven2.dyndns.net to get it, although there might be a better way
to accomplish that.

On Fri, 15 Oct 2004 17:02:38 -0400, Ryan Leathers
<ryan.leathers at globalknowledge.com> wrote:
> the use of views does not require you to expose anything to the internet.
> all you are doing is matching a source address in order to decide which
> collection of zone records to use to answer the query.
>
> -----Original Message-----
> From: Rick DeNatale [mailto:rick.denatale at gmail.com]
> Sent: Friday, October 15, 2004 4:12 PM
> To: Triangle Linux Users Group discussion list
> Subject: Re: [TriLUG] Slides from last night's DNS Presentation
> 
> Another thank you for last night's session.
> 
> Apropos the discussion of BIND security, gmail popped in with this
> link http://www.circleid.com/article/774_0_1_0_C/ as a "comment" on
> this thread.
> I thought that some might find it interesting.
> 
> I've got a few other thoughts which were provoked by the session.
> 
> 1) The discussion of black hole lists was interesting, and hit one of
> my hot buttons, which is ISPs which use dnsrbls (or rbls in general)
> like SpamCop to bounce e-mail rather than as one positive indication
> of spam so that a tool like SpamAssassin can tag it. Much as I hate
> spam and junkmail, I'd rather have it delivered and let me and my
> tools decide it's junk rather than the postman throwing good mail
> away with the bad.  Most rbls have warnings against using them in this
> way, but it seems that lots of ISPs ignore them either ignorantly or
> even actively feeling that the reduction in load on their servers is
> worth throwing away a "few" of their customers' emails.  I got into
> running my own local mail server just to avoid problems with this. I'm
> amazed at how much spam gets through on my ISP email account only to
> be caught by SA.
> 
> 2) I looked into the view feature of BIND 9, I'm not sure that it's
> usable in my situation. My home lan is behind a Netgear NAT router.
> I've got a dyndns free dns listing for denhaven2.homeip.net which
> resolves (via dyndns.org's name servers) to my router's address. Inside
> the lan, I run BIND on a linux server which forwards to the router
> (which in turn forwards to the name servers it gets from the ISP via
> DHCP). Dyndns wildcards the hostnames in my domain, and the NAT router
> uses its virtual server by ports to route to the right machines
> inside. My BIND server has a zone for local.denhaven2.homeip.net to
> resolve the addresses of machines on the lan. Now views would let me
> have names like fred.denhaven2.homeip.net instead of
> fred.local.denhaven2.homeip.net, but to do this, I'd need to expose my
> name server to the internet right? Dyndns doesn't appear to support
> this for a dynamic ip address even if I wanted to pay for it. Does it
> even make sense to be thinking about this in the typical home setup
> with a single exposed ip address?
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
>
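
The source-address matching described in the quoted reply, written out as a named.conf example that is added here and is not from either poster. The LAN range 192.168.1.0/24, the server and router addresses, the ACL and view names and the file paths are assumptions; only the zone name comes from the thread.

```conf
// Added example. All addresses, names and paths below are assumed
// values for a home LAN behind a NAT router; adjust before use.
acl "homelan" { 127.0.0.0/8; 192.168.1.0/24; };

options {
    directory "/var/named";                  // assumed path
    // Bind only to loopback and the LAN interface, so the server is
    // not reachable from the router's outside address.
    listen-on { 127.0.0.1; 192.168.1.2; };   // assumed server address
    allow-transfer { none; };
};

// Views are tried in the order written. The first view whose
// match-clients list contains the query's source address supplies
// the zone data for the answer. Once one view is defined, every
// zone statement has to be placed inside a view.
view "lan" {
    match-clients { "homelan"; };
    recursion yes;
    forwarders { 192.168.1.1; };             // assumed router address
    zone "denhaven2.homeip.net" {
        type master;
        // Hypothetical zone file holding the LAN addresses, so that
        // fred.denhaven2.homeip.net resolves to an inside address.
        file "lan/denhaven2.homeip.net.db";
    };
};

// Catch-all for any other source address: no zones, no recursion,
// and every query refused. Nothing has to be exposed to the
// internet for the "lan" view above to work.
view "everyone-else" {
    match-clients { any; };
    recursion no;
    allow-query { none; };
};
```

Because the "lan" view is authoritative for the whole zone, a name missing from that zone file is not looked up at the public name servers, which is the limitation the reply at the top of this message describes.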


