Re: [cobalt-users] Bind allowing recursive lookups {Scanned}
- Subject: Re: [cobalt-users] Bind allowing recursive lookups {Scanned}
- From: "SW" <wppiphoto@xxxxxxxx>
- Date: Thu Jan 1 20:11:01 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Robert,
> How do I configure bind (the solarspeed package) to stop allowing recursive
> lookups?
I just finished doing this but it took me a few days to get it working
especially if you use Cobalt GUI to add/update dns records. If you don't,
then you can just add the following in /etc/named.conf under the 'options'
directive:
options {
    directory "/etc/named";
    // only these sources may use this server for recursive lookups
    allow-recursion { xxx.xxx.xxx.xxx/24; localhost; };
};
----------
Where xxx.xxx.xxx.xxx/24 is your local area network where you want to allow
computers to do recursion to this dns server and, just as an added measure, I
also added localhost. You can also add other IP addresses or blocks by just
adding after localhost; xxx.xxx.xxx.xxx; };
Now if you are like me and actually do use Cobalt GUI to add or update dns
records then any changes you manually make in /etc/named.conf will be erased
the next time you use the gui dns interface. To solve this you will need to
go do some modifications to cobalt admin cgi files, which I found out the
hard way can quickly break things. PLEASE BACKUP...BACKUP...BACKUP ANY FILES
BEFORE DOING ANYTHING. So, don't say I didn't say it...Backup any file
before editing it so you can have the original in case you need it. Backup
also /etc/named.conf and /etc/named dir just to have in case you need to
compare.
SSH or telnet to box w/ the dns records
Become root (su)
cp /usr/admserv/cgi-bin/.cobalt/dns/index.cgi /root/index.cgi.bak
pico /usr/admserv/cgi-bin/.cobalt/dns/index.cgi
Find the following:
print NAMEDCONF "options {\n\tdirectory \"$Named_dir\";\n";
Replace it with the following:
print NAMEDCONF "options {\n";
my $options = `cat /etc/namedoptions.conf`;
print NAMEDCONF "$options";
This will allow you to have a file in /etc/namedoptions.conf to put all of
your bind options and whenever you add or update dns records through the GUI,
it will look in the /etc/namedoptions.conf file for the options for bind.
Now, you need to create the /etc/namedoptions.conf file and put in there all
of your options except secondary dns records, which the gui already takes
care of for you. Here is what I have in my namedoptions.conf file:
directory "/etc/named";
allow-recursion { xxx.xxx.xxx.xxx/27; localhost; };
version "WPPi Name Server - NA";
Now to test if everything works, go into your GUI control panel DNS
parameters and just click the 'Save DNS records' option to have it rebuild
the /etc/named.conf file. After that go and check the /etc/named.conf file
to see if it added the options from the /etc/namedoptions.conf file and
everything looks right. I got really screwed when I failed to add an extra
'}' at the end and caused my entire dns records to fail. So, please compare
it with your original /etc/named.conf file you backed up earlier before doing
anything.
SW
-------------------------------------------------
WPPi.com | WPPi.Net
-------------------------------------------------
http://www.wppi.com | http://www.wppi.net
-------------------------------------------------
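
Added example (not part of the original message and not Cobalt or solarspeed code): a shell check to run on /etc/named.conf after the GUI rebuilds it, catching the lost closing brace described above and an options block that leaves recursion unrestricted. The function name check_named_conf, the sample files and the 192.0.2.0/27 range are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Checks a rebuilt named.conf for a lost closing brace and for
# recursion left unrestricted in the options block.
# Limits: /* */ comments and multi-line allow-recursion lists are not handled.
check_named_conf() {
    awk '
    {
        line = $0
        gsub(/"[^"]*"/, "\"\"", line)       # blank out quoted strings
        sub(/(\/\/|#).*/, "", line)         # drop // and # comments
        if (depth == 0 && line ~ /^[ \t]*options[ \t]*[{]/) in_opts = 1
        if (in_opts && line ~ /allow-recursion/) {
            found = 1
            if (line ~ /allow-recursion[ \t]*[{]([^}]*[ \t;])?any[ \t]*;/) open = 1
        }
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (depth < 0) { print "line " NR ": unexpected }"; bad = 1; depth = 0 }
        if (depth == 0) in_opts = 0
    }
    END {
        if (depth != 0) { print "unbalanced braces: " depth " block(s) left open"; bad = 1 }
        if (!found)     { print "no allow-recursion inside options { }"; bad = 1 }
        if (open)       { print "allow-recursion permits any"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed samples; 192.0.2.0/27 is a documentation range, not from the post.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.conf" <<'EOF'
options {
directory "/etc/named";
allow-recursion { 192.0.2.0/27; localhost; };
version "example";
};
zone "example.com" { type master; file "db.example.com"; };
EOF
# Same file with the closing "};" of the options block lost.
grep -v '^};$' "$demo_dir/good.conf" > "$demo_dir/broken.conf"
for f in good broken; do
    if check_named_conf "$demo_dir/$f.conf"; then
        echo "$f.conf: ok"
    else
        echo "$f.conf: rejected"
    fi
done
```

Where BIND 9's named-checkconf is installed it gives a full syntax check; this sketch covers only the two failure modes above.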