Re: [cobalt-users] RAQ3: DNS on one ip, virtual site on the other
- Subject: Re: [cobalt-users] RAQ3: DNS on one ip, virtual site on the other
- From: "Michael Zimmermann" <zim@xxxxxxxx>
- Date: Mon Jun 12 09:14:00 2000
From: Stefan Kreichelt <kre49@xxxxxxxxxxx>
My question is: how do I tell my RAQ to listen
with the named on one ip and with httpd on the other ip....
First of all, you need not. No harm when the DNS
is also responding on the other IP.
But if you insist, then:
1.) Create the DNS site through the GUI
without web and email etc. - just to
configure the line interfaces appropriately
(I use the primary machine for that).
2.) HTTP access is already only done
on those IPs for which you have
created sites.
3.) DNS can be configured to listen only
on certain IPs.
In /etc/named.conf add within options
something like (note the trailing semicolon after
the closing brace, which named requires):
options {
    listen-on { 111.2.3.4; 127.0.0.1; };
    allow-transfer { www.xxx.yyy.zzz; 111.2.3.4; };
};
Hints:
a) In 'listen-on' also add the localhost IP 127.0.0.1,
because under that IP the Active Monitor checks
whether DNS is running or down.
b) Under 'allow-transfer' put the secondary servers
which you are using (if yours is the primary).
Without an 'allow-transfer' restriction anybody
can get your complete domain-data which is
considered a security risk (playing the game
secure by obfuscation). Add the main-IP
of the RaQ also to this list and/or any other IPs
from which you want to check your DNS-
configuration (say using 'dlint') - for example
the IPs of the Webinterfaces you like to use to
check your DNS from the outside.
'allow-transfer' may even be specified on a
per-domain base, if you use different secondary
nameservers for the different domains, but that's
a little over-shooting.
Get the latest named (security reasons).
Think about running named in a chroot-environment.
If any of these steps voids your Cobalt-warranty,
blaming me creates bad Karma .o)
Michael
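The two hints above (127.0.0.1 in 'listen-on', and a restrictive 'allow-transfer') can be checked automatically. The following is an added example, not part of the original post or of Cobalt's software; it parses only the simple `statement { a; b; };` form inside the options block, and the two named.conf fragments and their addresses are constructed for illustration.

```python
import re

# Constructed sample: listens on the site IP only, no allow-transfer at all.
WEAK_CONF = """
options {
    directory "/var/named";
    listen-on { 111.2.3.4; };
};
"""

# Constructed sample: adds localhost and limits zone transfers to a secondary
# (111.2.3.5, assumed) plus the RaQ's own IP.
HARDENED_CONF = """
options {
    directory "/var/named";
    listen-on { 111.2.3.4; 127.0.0.1; };
    allow-transfer { 111.2.3.5; 111.2.3.4; };
};
"""


def _address_list(conf, statement):
    """Return the entries of `statement { a; b; };`, or None if the statement is absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}\s*;" % re.escape(statement), conf)
    if m is None:
        return None
    return [tok.strip() for tok in m.group(1).split(";") if tok.strip()]


def check_named_options(conf):
    """Return a list of findings for the two points raised in the post."""
    findings = []
    listen = _address_list(conf, "listen-on")
    if listen is None:
        findings.append("listen-on missing: named answers on every interface")
    elif "127.0.0.1" not in listen:
        findings.append("listen-on lacks 127.0.0.1: local health checks of named will fail")
    xfer = _address_list(conf, "allow-transfer")
    if xfer is None:
        findings.append("allow-transfer missing: any host may request a full zone transfer (AXFR)")
    elif any(a in ("any", "0.0.0.0/0") for a in xfer):  # 'any' is BIND's built-in ACL
        findings.append("allow-transfer permits any host: restrict it to your secondaries")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, check_named_options(conf) or ["ok"])
```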