VanLUG Email Archive

VanLUG Mailing List
Re: named

Brian Edmonds (brian@gweep.bc.ca)
21 Oct 1998 08:19:55 -0700

• Next message: Brian Edmonds: "(fwd) UNIX Employment Opportunity"
• Previous message: Barry Ferg: "RE: ICQ"
• In reply to: Brad Barnett: "ICQ"

Ian Dobson <Ian@fastnet.bc.ca> writes:
> what do I need to add to allow the inside IP's to resolve each others
> names, and so the outside (internet side) can't see them?

You can use the allow-query zone option in /etc/named.conf. An example
from mine:

# forward map for Gweep Systems
zone "gweep.bc.ca" {
        type master;
        file "gweep";
        allow-query { any; };
        allow-transfer { 142.103.6.6; 204.145.148.154; };
};

# reverse map for Gweep Systems (local network)
zone "168.192.in-addr.arpa" {
        type master;
        file "gweep.rev";
        allow-query { 127.0.0.1; 192.168/16; };
        allow-transfer { none; };
};

So anyone can query my globally known gweep.bc.ca addresses, but only
localhost and hosts on the local network can query the 192.168.x.x IPs I
use internally.

If I needed hosts under gweep.bc.ca both external and internal hidden,
I'd have to either add subdomains under gweep.bc.ca that don't resolve
externally, or run a second name server that only binds to my internal
interface and has a different gweep.bc.ca map.

Brian.

• Next message: Brian Edmonds: "(fwd) UNIX Employment Opportunity"
• Previous message: Barry Ferg: "RE: ICQ"
• In reply to: Brad Barnett: "ICQ"