Bind 9

Zbyněk Burget zburget at burgnet.cz
Thu Nov 26 20:00:12 CET 2009


Dan Lukes wrote:
> Zbyněk Burget wrote, on 11/25/09 21:10:
>> unless one of you tried it (the DNS server is 217.197.159.194, it is 
>> authoritative for URLs such as www.sfproduction.cz).
> 
> REFUSED

That is what I was afraid of :-(

> 
>> Does anyone have an idea why bind refuses to resolve for some IPs, even 
>> though according to the configuration it should not?
> 
> In my opinion you need to allow queries from everywhere - and recursive 
> queries only from your own networks.

Something like that. Until now I had it so that all queries were allowed 
from everywhere. Even though that is not an ideal configuration, there had 
been no problem with it so far. I had it on my TO-DO list, but somehow 
there was no time for it yet :-(

> 
> Unfortunately, you did not say very precisely what "it refused to handle 
> general DNS queries" means. If it means that no response arrived at all, 
> then it is more likely a problem of the network configuration and/or the 
> firewall. Either the query never reaches it, or the response never makes 
> it back.
> 
> Yes, if it does respond and responds "REFUSED", that would be something else.

Of course I checked what arrives where and what gets answered. I apologize 
for the imprecision; it really does answer "Refused".
That is why I listed in named.conf the networks that are entitled to 
receive answers, and from that moment on it resolves for the internal networks.
At a minimum I would need to set it so that it resolves everything for 
everyone. Then there will be time to fine-tune it so that it resolves only 
what it should, for those it should.

> I know of one problem BIND has - since it drops root privileges shortly 
> after startup, it cannot subsequently bind to interfaces that only come 
> into existence later. I have never heard of the problems you describe 
> (which does not mean they do not exist). To begin with, I would 
> definitely rule out a network configuration problem (not a BIND one).

I think the problem really is in bind. To be safe I am also attaching the 
config, in case someone sees something there that I do not...
It is practically the default named.conf; at the end the zones for which 
the nameserver is authoritative have been added.

I assume the zone files are (at least for now) uninteresting for this 
purpose.



options {
         directory       "/etc/namedb";
         pid-file        "/var/run/named/pid";
         dump-file       "/var/dump/named_dump.db";
         statistics-file "/var/stats/named.stats";
         allow-query     { internal networks listed here - without this 
line it misbehaves };


         disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
         disable-empty-zone 
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
         disable-empty-zone 
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};

zone "." { type hint; file "named.root"; };

zone "localhost"        { type master; file 
"master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file 
"master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "master/empty.db"; };

zone "0.ip6.arpa"       { type master; file 
"master/localhost-reverse.db"; };

zone "0.in-addr.arpa"           { type master; file "master/empty.db"; };

zone "10.in-addr.arpa"          { type master; file "master/empty.db"; };
zone "16.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "17.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "18.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "19.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "20.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "21.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "22.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "23.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "24.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "25.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "26.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "27.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "28.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "29.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "30.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "31.172.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "168.192.in-addr.arpa"     { type master; file "master/empty.db"; };

zone "254.169.in-addr.arpa"     { type master; file "master/empty.db"; };

zone "2.0.192.in-addr.arpa"     { type master; file "master/empty.db"; };

zone "18.198.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "19.198.in-addr.arpa"      { type master; file "master/empty.db"; };

zone "240.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "241.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "242.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "243.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "244.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "245.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "246.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "247.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "248.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "249.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "250.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "251.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "252.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "253.in-addr.arpa"         { type master; file "master/empty.db"; };
zone "254.in-addr.arpa"         { type master; file "master/empty.db"; };

zone "1.ip6.arpa"               { type master; file "master/empty.db"; };
zone "3.ip6.arpa"               { type master; file "master/empty.db"; };
zone "4.ip6.arpa"               { type master; file "master/empty.db"; };
zone "5.ip6.arpa"               { type master; file "master/empty.db"; };
zone "6.ip6.arpa"               { type master; file "master/empty.db"; };
zone "7.ip6.arpa"               { type master; file "master/empty.db"; };
zone "8.ip6.arpa"               { type master; file "master/empty.db"; };
zone "9.ip6.arpa"               { type master; file "master/empty.db"; };
zone "a.ip6.arpa"               { type master; file "master/empty.db"; };
zone "b.ip6.arpa"               { type master; file "master/empty.db"; };
zone "c.ip6.arpa"               { type master; file "master/empty.db"; };
zone "d.ip6.arpa"               { type master; file "master/empty.db"; };
zone "e.ip6.arpa"               { type master; file "master/empty.db"; };
zone "0.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "1.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "2.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "3.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "4.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "5.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "6.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "7.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "8.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "9.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "a.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "b.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "0.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "1.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "2.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "3.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "4.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "5.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "6.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "7.e.f.ip6.arpa"           { type master; file "master/empty.db"; };

zone "c.f.ip6.arpa"             { type master; file "master/empty.db"; };
zone "d.f.ip6.arpa"             { type master; file "master/empty.db"; };

zone "8.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "9.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "a.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "b.e.f.ip6.arpa"           { type master; file "master/empty.db"; };

zone "c.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "d.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "e.e.f.ip6.arpa"           { type master; file "master/empty.db"; };
zone "f.e.f.ip6.arpa"           { type master; file "master/empty.db"; };

zone "ip6.int"                  { type master; file "master/empty.db"; };

<some master-type zones omitted>

zone "sfproduction.cz" {
         type master;
         file "master/sfproduction.cz.db";
         allow-transfer { secondary dns; };
};


zone "146.197.217.in-addr.arpa" {
         type master;
         file "master/146.197.217.in-addr.arpa.db";
         allow-transfer { secondary dns; };
};
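The split Dan suggests (answer queries for the authoritative zones from anyone, recurse only for your own clients) is what turns the REFUSED seen above into a proper answer without reopening the server as an open resolver. An open recursive resolver can be used as a reflection/amplification source and is the easier target for cache poisoning, which is why the global allow-query in the posted config should not simply go back to "any" on its own. The following named.conf fragment is an added example, not part of the original post or of the poster's configuration; the "internal" networks, the secondary address and the zone file name are placeholders (RFC 5737 documentation ranges) standing in for the values the poster elided. It needs BIND 9.4 or newer for allow-query-cache.

```conf
// Added example: authoritative-for-everyone, recursive-for-internal named.conf.
// ACL members are assumed placeholders; substitute the real networks.
acl "internal"    { 127.0.0.0/8; 192.0.2.0/24; };   // assumed: own client networks
acl "secondaries" { 198.51.100.53; };               // assumed: secondary nameserver

options {
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";

        // Queries are accepted from anywhere, so outside resolvers can reach
        // the zones this server is authoritative for (this is what the
        // restrictive global allow-query in the posted config broke).
        allow-query       { any; };

        // Recursion and cache lookups only for own clients. Anyone else
        // asking for a name this server is not authoritative for still gets
        // REFUSED, so the server is not an open resolver.
        allow-recursion   { internal; };
        allow-query-cache { internal; };

        // Default for every zone: zone transfers only to the secondaries.
        allow-transfer    { secondaries; };
};

zone "." { type hint; file "named.root"; };

zone "sfproduction.cz" {
        type master;
        file "master/sfproduction.cz.db";        // assumed zone file name
        // No zone-level allow-query: inherits "any" from options, which is
        // what an authoritative zone needs. allow-transfer is inherited too.
};
```

To check the result from the outside, `dig @217.197.159.194 www.sfproduction.cz A` should now return an answer with the AA flag set, while `dig @217.197.159.194 www.example.net A` (a name the server is not authoritative for) should come back with status REFUSED; from a host inside the "internal" ACL the second query should get a normal recursive answer instead. If the REFUSED persists for the authoritative zone after `rndc reload`, the cause is outside this fragment (a zone-level allow-query, a view, or a firewall), since allow-query { any; } is the broadest setting BIND has.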

