
[cobalt-developers] Tweaking DNS management / undocumented features



I've set up the DNS daemon on my RAQ2 to restrict zone-transfers to 
the hosts which run the secondary ns for my zones (and ban certain bad 
addresses from connecting to my nameserver).

I watched how the cobalt GUI overwrites "named.conf" over and over, every time 
the DNS settings are changed within the control panel. 

Fed up with editing my named.conf after each change (to add the zone-transfer 
statement), I decided to tweak the cobalt GUI / cobalt CGIs in order to be able 
to include my own customized options directive.

Now, only the zone-entries are created / overwritten by the cobalt UI, everything above 
(options, etc.) is included from /etc/named.conf.options.

Changes made to /usr/admserv/cgi-bin/.cobalt/dns/index.cgi:

[root /etc]# diff /usr/admserv/cgi-bin/.cobalt/dns/index.cgi.old /usr/admserv/cgi-bin/.cobalt/dns/index.cgi
10a11
> # 1/22/01, Thomas Schmitz ts-lists@xxxxxxxxxxxxxxxxx
882c883,894
<        print NAMEDCONF "options { directory \"$Named_dir\"; };\n";
---
>
>        if( -r '/etc/named.conf.options' )
>               {
>                   open( INCLUD, '/etc/named.conf.options' );
>             while( <INCLUD> ) { print NAMEDCONF; }
>             close( INCLUD );
>         }
>         else
>         {
>             print NAMEDCONF "options { directory \"$Named_dir\"; };\n";   # Orginal / Cobalt
>         }
>
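Review bot: the open() in the new include branch is unchecked, so if the `-r` test passes but open( INCLUD, '/etc/named.conf.options' ) fails (file replaced by a directory, removed between the test and the open, etc.), the while loop prints nothing and the generated named.conf ends up with no options block at all, i.e. without the allow-transfer restriction this change exists to preserve. Suggest `open( INCLUD, '/etc/named.conf.options' ) or die "cannot open named.conf.options: $!";`, or fold the open into the condition so that the else branch's original `print NAMEDCONF "options { directory \"$Named_dir\"; };\n";` still runs as the fallback. Note also that `$Named_dir` is no longer used on the include path, so the directory statement inside the include file has to be kept in sync with it by hand.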


/etc/named.conf.options:

acl "bogus" {
  0.0.0.0/8;       // Null address
  1.0.0.0/8;       // IANA reserved, popular fakes
  2.0.0.0/8;
  192.0.2.0/24;    // Test address
  224.0.0.0/3;     // Multicast addresses
  10.0.0.0/8;
  172.16.0.0/12;
  192.168.0.0/16;
};

options {
  directory "/etc/named";

  allow-transfer {
    (...)          // Secondary NS
    127.0.0.1;
  };

  blackhole {
    bogus;         // must match the acl name defined above
  };
};

Needless to say, this procedure WILL absolutely void any cobalt software warranty, 
and be sure to keep a clean BACKUP of this cgi script (it might be needed if cobalt
issues a patch which makes changes to this script -> apply the patch to the original file).

There are also two undocumented features built-in by cobalt:

/etc/named.conf.include       everything in here will be included between
                              "options" and "zones" (might be useful if you
                              want to define some custom zones which the
                              cobalt UI will not touch)
/etc/named.conf.forwarding    quote from source: "Allow DNS request
                              forwarding for our friends at Nokia"


Regards,
 Thomas

---
Thomas Schmitz                          Tel: +41-1-793 15 55
SIC Internet Consulting                 Fax: +41-1-793 15 56
Feldguetliweg 83               mailto: sic@xxxxxxxxxxxxxxxxx
CH-8706 Feldmeilen              http://www.web-consulting.ch
Switzerland
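As an added example (not from the post and not Cobalt's code), a small Python check that a named.conf regenerated by the GUI still carries what the include file was meant to add: exactly one options block, an allow-transfer statement, and every acl referenced by name actually defined. The sample config is constructed after the post's include file, with a placeholder secondary address and an acl declared as "bogus" but referenced as "bogon" so the check has something to catch.

```python
import re

# Constructed sample modelled on the post's include file: the acl is declared as
# "bogus" but blackhole references "bogon"; the secondary NS address is a placeholder.
SAMPLE_CONF = """acl "bogus" {
  0.0.0.0/8;      // Null address
  192.0.2.0/24;   // Test address
  10.0.0.0/8;
};
options {
  directory "/etc/named";
  allow-transfer {
    192.0.2.53;   // placeholder secondary NS
    127.0.0.1;
  };
  blackhole {
    bogon;
  };
};
"""

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}
ADDR_RE = re.compile(r"^!?\d+(?:\.\d+){0,3}(?:/\d+)?$")  # IPv4 address or prefix

def _block_items(text, keyword):
    """Return the ';'-separated items of every `keyword { ... };` block, comments stripped."""
    items = []
    for m in re.finditer(r"\b" + keyword + r"\s*\{([^}]*)\}", text):
        body = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", m.group(1), flags=re.S)
        items.extend(x.strip().strip('"') for x in body.split(";") if x.strip())
    return items

def check_named_conf(text):
    """Return a list of findings; an empty list means the config passed every check."""
    findings = []
    n_options = len(re.findall(r"^\s*options\s*\{", text, flags=re.M))
    if n_options != 1:
        findings.append(f"expected exactly one options block, found {n_options}")
    if not re.search(r"\ballow-transfer\s*\{", text):
        findings.append("no allow-transfer statement: zone transfers open to anyone")
    defined = set(re.findall(r'^\s*acl\s+"?([\w-]+)"?\s*\{', text, flags=re.M))
    for keyword in ("allow-transfer", "blackhole", "allow-query", "allow-recursion"):
        for item in _block_items(text, keyword):
            if item in BUILTIN_ACLS or item in defined or ADDR_RE.match(item):
                continue
            findings.append(f"{keyword} references undefined acl '{item}'")
    return findings
```

Run check_named_conf() over the contents of the file the GUI writes after each change in the control panel; an empty list means the include file made it through intact.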