[TriLUG] Bind9 Hand-hold question (or alternative)

Joseph Mack NA3T jmack at wm7d.net
Sat Mar 7 16:42:20 EST 2009


On Sat, 7 Mar 2009, Brian Henning wrote:

> So for now, I've set up /etc/named.conf as follows:
>
> options {
> 	forward first;
> 	forwarders {
> 		x.y.z.w;   # (hard-coded outside dns server 1)
> 		x.y.z.w;   # (hard-coded outside dns server 2)
> 	};
> };

This is what I do. You could put in OpenDNS servers rather
than the ISP's DNS servers.

> 1) Is the above named.conf "safe"?  iptables will be preventing any outside
> access to bind...but does the above simple config leave open any room for
> nasty dns tricks like poisoning or whatever?

Beats me. I just haywired it together.

> 2) Is there a way to get the list of forwarders from resolv.conf?

I didn't want the router to have the ISP's DNS machines for
DNS. I wanted them all going to the DNS on the router. So my
router (the machine providing the above DNS) has its own IP
in its fixed resolv.conf, so that all machines inside
(whether on fixed IPs, or laptops using dhcp and which
update the local DNS), resolve through bind on the router.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
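
On question 1 in the quoted message, a forwarding resolver of this kind is commonly restricted in named.conf itself rather than by iptables alone. The following is an added example, not part of the original thread; the LAN range 192.168.1.0/24 and router address 192.168.1.1 are assumptions, and x.y.z.w are the placeholders from the quoted config.

```conf
// Added example: forwarding resolver limited to an internal LAN.
// 192.168.1.0/24 and 192.168.1.1 are assumed addresses.
acl "lan" {
	127.0.0.0/8;
	192.168.1.0/24;
};

options {
	// Bind only to loopback and the inside interface, so named is not
	// reachable from the WAN side even if a firewall rule is lost.
	listen-on { 127.0.0.1; 192.168.1.1; };
	listen-on-v6 { none; };

	// Answer and recurse only for LAN clients; an open recursive
	// resolver is what makes cache poisoning and amplification
	// reachable from outside.
	allow-query     { "lan"; };
	allow-recursion { "lan"; };
	allow-transfer  { none; };

	recursion yes;

	// "forward first" falls back to full recursion from the root
	// servers when the forwarders do not answer; "forward only"
	// never queries anything but the forwarders.
	forward first;
	forwarders {
		x.y.z.w;   // placeholder from the original post
		x.y.z.w;   // placeholder from the original post
	};

	// Validate DNSSEC-signed answers. Needs BIND 9.8 or later and
	// forwarders that pass DNSSEC records through.
	dnssec-validation auto;
};
```

Running named-checkconf against the file catches syntax errors before named is restarted.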