[TriLUG] Bind9 Hand-hold question (or alternative)
Joseph Mack NA3T
jmack at wm7d.net
Sat Mar 7 16:42:20 EST 2009
On Sat, 7 Mar 2009, Brian Henning wrote:
> So for now, I've set up /etc/named.conf as follows:
>
> options {
>     forward first;
>     forwarders {
>         x.y.z.w; # (hard-coded outside dns server 1)
>         x.y.z.w; # (hard-coded outside dns server 2)
>     };
> };
This is what I do. You could put in OpenDNS servers rather
than the ISP's DNS servers.
> 1) Is the above named.conf "safe"? iptables will be preventing any outside
> access to bind...but does the above simple config leave open any room for
> nasty dns tricks like poisoning or whatever?
Beats me. I just haywired it together.
> 2) Is there a way to get the list of forwarders from resolv.conf?
I didn't want the router to have the ISP's DNS machines for
DNS. I wanted them all going to the DNS on the router. So my
router (the machine providing the above DNS), has its own IP
in its fixed resolv.conf, so that all machines inside
(whether on fixed IPs, or laptops using dhcp and which
update the local DNS), resolve through bind on the router.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
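
An added example, not part of the original thread or either poster's configuration: the forwarding setup quoted above with the access restrictions that bear on the "is it safe?" question stated in named.conf itself rather than left to iptables alone. The LAN range 192.168.1.0/24 and router address 192.168.1.1 are assumptions, and 192.0.2.1 / 192.0.2.2 are documentation placeholders standing in for the x.y.z.w forwarders.

```conf
// Added example: forwarding, caching resolver that serves the inside LAN only.
// Assumed values (not from the thread): LAN 192.168.1.0/24, router 192.168.1.1.
// 192.0.2.1 and 192.0.2.2 are placeholders for the x.y.z.w forwarders.

acl "lan" {
    127.0.0.1;
    192.168.1.0/24;
};

options {
    // Listen only on loopback and the inside interface, so named is not
    // exposed on the outside interface if a firewall rule is ever lost.
    listen-on { 127.0.0.1; 192.168.1.1; };
    listen-on-v6 { none; };

    // Answer, recurse and serve cached data for LAN clients only, stated
    // explicitly rather than relying on version-dependent defaults.
    recursion yes;
    allow-query { "lan"; };
    allow-recursion { "lan"; };
    allow-query-cache { "lan"; };
    allow-transfer { none; };

    // "forward first" falls back to full iterative resolution when the
    // forwarders do not answer; "forward only" never does.
    forward first;
    forwarders {
        192.0.2.1;
        192.0.2.2;
    };

    // Deliberately no "query-source ... port N;" line: pinning the source
    // port turns off source-port randomization, which is one of the
    // resolver's defenses against cache poisoning.

    // Validate DNSSEC-signed answers with the built-in root trust anchor
    // (BIND 9.8 or later; the forwarders must return DNSSEC records).
    dnssec-validation auto;
};
```

Running named-checkconf /etc/named.conf reports syntax errors before named is reloaded.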