Re: [cobalt-users] Bind allowing recursive lookups {Scanned}
- Subject: Re: [cobalt-users] Bind allowing recursive lookups {Scanned}
- From: "R. Hamburg .: HaVa Web- & Processdesign :." <user@xxxxxxx>
- Date: Fri Jan 2 04:53:01 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> Robert,
>
> > How do I configure bind (the solarspeed package) to stop allowing recursive
> > lookups ?
>
> I just finished doing this but it took me a few days to get it working
> especially if you use Cobalt GUI to add/update dns records. If you don't,
> then you can just add the following in /etc/named.conf under the 'options'
> directive:
>
> options {
>     directory "/etc/named";
>     allow-recursion { xxx.xxx.xxx.xxx/24; localhost; };
> };
> ----------
> Where xxx.xxx.xxx.xxx/24 is your local area network where you want to allow
> computers to do recursion to this dns server and just as an added measure, I
> also added localhost. You can also add other IP addresses or blocks by just
> adding after localhost; xxx.xxx.xxx.xxx; };
>
> Now if you are like me and actually do use Cobalt GUI to add or update dns
> records then any changes you manually make in /etc/named.conf will be erased
> the next time you use the gui dns interface. To solve this you will need to
> go do some modifications to cobalt admin cgi files, which I found out the
> hard way can quickly break things. PLEASE BACKUP...BACKUP...BACKUP ANY FILES
> BEFORE DOING ANYTHING. So, don't say I didn't say it...Backup any file
> before editing it so you can have the original in case you need it. Backup
> also /etc/named.conf and /etc/named dir just to have in case you need to
> compare.
>
> SSH or telnet to box w/ the dns records
> Become root (su)
> cp /usr/admserv/cgi-bin/.cobalt/dns/index.cgi /root/index.cgi.bak
> pico /usr/admserv/cgi-bin/.cobalt/dns/index.cgi
> Find the following:
>
> print NAMEDCONF "options {\n\tdirectory \"$Named_dir\";\n";
>
> Replace it with the following:
>
> print NAMEDCONF "options {\n";
> my $options = `cat /etc/namedoptions.conf`;
> print NAMEDCONF "$options";
>
> This will allow you to have a file in /etc/namedoptions.conf to put all of
> bind options and whenever you add or update dns records through the GUI, it
> will look in the /etc/namedoptions.conf file for the options for bind.
>
> Now, you need to create the /etc/namedoptions.conf file and put in there all
> of your options except secondary dns records, which the gui already takes
> care of for you. Here is what I have in my namedoptions.conf file:
>
> directory "/etc/named";
> allow-recursion { xxx.xxx.xxx.xxx/27; localhost; };
> version "WPPi Name Server - NA";
>
> Now to test if everything works, go into your GUI control panel DNS
> parameters and just click the 'Save DNS records' option to have it rebuild
> the /etc/named.conf file. After that go and check the /etc/named.conf file
> to see if it added the options from the /etc/namedoptions.conf file and
> everything looks right. I got really screwed when I failed to add an extra
> '}' at the end and caused my entire dns records to fail. So, please compare
> it with your original /etc/named.conf file you backed up earlier before doing
> anything.
Thanks !!!!!!!!!!!
About to give it a shot...
Robbert
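
The manual inspection of the regenerated /etc/named.conf described in the quoted message can be scripted; the following is an added example, not part of the original thread or of the Cobalt or solarspeed software. The function name check_named_conf, the 192.0.2.0/27 network standing in for the redacted address, and the example.com zone are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a regenerated named.conf.
# Prints each problem found; returns 0 when there are none, 1 otherwise.
# Limitations: /* ... */ comments are ignored; "options {" must be on one line.
check_named_conf() {
    awk '
    {
        line = $0
        gsub(/"[^"]*"/, "\"\"", line)      # blank quoted strings first
        sub(/(\/\/|#).*$/, "", line)       # then strip line comments
        if (depth == 0 && line ~ /^[ \t]*options[ \t]*[{]/) { in_opts = 1; seen = 1 }
        if (in_opts) opts = opts " " line  # collect the options block text
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (depth < 0) { stray = 1; depth = 0 }
        if (depth == 0) in_opts = 0
    }
    END {
        if (depth > 0) { print "unbalanced braces: " depth " block(s) never closed"; bad = 1 }
        if (stray)     { print "unbalanced braces: stray closing brace"; bad = 1 }
        if (!seen)     { print "no options block found"; bad = 1 }
        else if (!match(opts, /allow-recursion[ \t]*[{][^}]*[}]/)) {
            print "options block has no allow-recursion statement"; bad = 1
        } else if (substr(opts, RSTART, RLENGTH) ~ /[{ \t;]any[ \t;}]/) {
            print "allow-recursion includes \"any\""; bad = 1
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the options from the post with the closing "};" left out,
# which is the mistake the quoted message warns about.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
	directory "/etc/named";
	allow-recursion { 192.0.2.0/27; localhost; };
	version "WPPi Name Server - NA";
zone "example.com" { type master; file "db.example.com"; };
EOF
check_named_conf "$sample" || echo "do not restart named with this file"
rm -f "$sample"
```

Run it against /etc/named.conf after each 'Save DNS records' in the GUI and before restarting named. Where the installed BIND package provides named-checkconf, that tool does a full syntax check and can be run alongside this.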