[buug] DNS help: tricking my network
Keith Keller
kkeller at speakeasy.net
Mon Sep 9 21:13:32 PDT 2002
On Mon, Sep 09, 2002 at 06:21:15PM -0500, Brian Sobolak wrote:
> Can I set up the DNS server on my BSD box so that if
> it receives requests for domains that it hosts from
> the internal network it will give a different answer
> than requests from outside the private network?
Yes--it's easy with BIND 9, more difficult (though possible)
with BIND 8. Here's part of my named.conf file:
acl "inside" {
    192.168.1/24;
};

view "inside" {
    match-clients { "inside"; };
    recursion yes;
    zone "wombat.san-francisco.ca.us" IN {
        type master;
        file "wombat.san-francisco.ca.us-inside";
        allow-update { none; };
    };
};

view "outside" {
    match-clients { any; };
    recursion no;
    zone "wombat.san-francisco.ca.us" IN {
        type master;
        file "wombat.san-francisco.ca.us";
        allow-update { none; };
    };
};
The first matching view is applied to a query, so the inside view
is applied to your home network, and the outside view to everyone
else. The -inside zone file should use your internal addresses
instead of your official internet IPs.
-- keith
kkeller at speakeasy.net
public key: http://wombat.san-francisco.ca.us/kkeller/kkeller.asc
alt.os.linux.slackware FAQ: http://wombat.san-francisco.ca.us/perl/fom
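Added example, not part of the original message: a small Python model of the first-match view selection described above. It shows which view, zone file and recursion setting a client address gets, and flags views that become unreachable when a match-clients { any; } view is listed ahead of them. The client addresses are constructed, the function names are hypothetical, and negated ACL elements are not modelled.

```python
import ipaddress

def parse_prefix(text):
    """Expand a BIND-style prefix; trailing zero octets may be omitted (192.168.1/24)."""
    addr, _, bits = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (bits or "32"))

# Constructed model of the named.conf in the message, views kept in file order.
ACLS = {"inside": ["192.168.1/24"]}
VIEWS = [
    {"name": "inside", "match": ["inside"], "recursion": True,
     "zone_file": "wombat.san-francisco.ca.us-inside"},
    {"name": "outside", "match": ["any"], "recursion": False,
     "zone_file": "wombat.san-francisco.ca.us"},
]

def matches(client, element, acls):
    """True if the client address matches one match-clients element."""
    if element == "any":
        return True
    if element in acls:  # named acl: expand its members
        return any(matches(client, e, acls) for e in acls[element])
    return client in parse_prefix(element)

def select_view(client_ip, views=VIEWS, acls=ACLS):
    """Return the first view whose match-clients list matches the client."""
    client = ipaddress.ip_address(client_ip)
    for view in views:
        if any(matches(client, e, acls) for e in view["match"]):
            return view
    return None  # no view matched

def unreachable_views(views=VIEWS):
    """Views listed after a match-clients { any; } view can never be selected."""
    shadowed, seen_any = [], False
    for view in views:
        if seen_any:
            shadowed.append(view["name"])
        seen_any = seen_any or "any" in view["match"]
    return shadowed

if __name__ == "__main__":
    for ip in ("192.168.1.20", "203.0.113.7"):  # constructed client addresses
        v = select_view(ip)
        print(ip, "->", v["name"], v["zone_file"], "recursion:", v["recursion"])
    print("shadowed if order is reversed:", unreachable_views(list(reversed(VIEWS))))
```

With the view order reversed, every client, including the home network, lands in "outside" and is served the public zone file with recursion off.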