Hello to all. I have recently set up a slave DNS server (bind-9.3.6) on a CentOS 5.x Linux box. The master is our Windows server and, really, it directly serves our AD infrastructure, and forwards external queries to our ISP's DNS servers.
I got the basic set-up correct, I believe. However, yesterday I pushed the envelope a bit. I want to make sure that, in the temporary absence of the master, the slave does the forwarding to the ISP, but that it only serves our company (i.e. is not accessible externally). Here's my named.conf file:

options {
    directory "/var/named"; // Working directory
    forwarders { 65.x.1.x; 65.x.7.x; };
    forward only;
    version "not currently available";
    allow-recursion { 192.168.100.0/22; };
};

// Zone entry for my Active Directory domain.
zone "mydomain.com" IN {
    type slave;
    file "slaves/db.ad.mydomain.com";
    masters { 192.168.100.3; };
    allow-notify { none; };
    forwarders {};
};

// reverse map for class C 192.168.100.0
zone "100.168.192.IN-ADDR.ARPA" IN {
    type slave;
    file "slaves/db.ad.192.168.100.rev";
    masters { 192.168.100.3; };
    allow-notify { none; };
    forwarders {};
};

include "/etc/rndc.key";

logging {
    channel log {
        file "/var/log/named/bind.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { log; };
    category statistics { log; };
    category queries { log; };
};

Is this correct and secure?

Many thanks.
Dimitri
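Added example, not part of the original post: a small Python audit of the global access-control options in the configuration above, checking them against the stated goal of serving only the internal network. The function names `options_block` and `audit` are illustrative, the masked forwarder addresses are left out of the embedded copy, and the check relies on BIND 9.3 treating an unset `allow-query`, `allow-recursion` or `allow-transfer` as `any`.

```python
import ipaddress
import re

# Constructed copy of the options block from the post (masked forwarders omitted).
POSTED = """
options {
    directory "/var/named";   // Working directory
    forward only;
    version "not currently available";
    allow-recursion {192.168.100.0/22;};
};
"""

# Global ACLs that decide who may query, recurse through, or transfer from named.
ACLS = ("allow-query", "allow-recursion", "allow-transfer")

def options_block(conf):
    """Return the body of the options { ... } statement with comments removed."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    m = re.search(r"\boptions\s*\{", conf, flags=re.I)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:          # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def audit(conf):
    """List global ACLs that are unset or that admit non-private sources."""
    body, findings = options_block(conf), []
    for name in ACLS:
        m = re.search(r"\b%s\s*\{([^{}]*)\}" % re.escape(name), body)
        if not m:
            # Assumption: BIND 9.3 defaults an unset ACL of this kind to "any".
            findings.append("%s: not set, so the built-in default applies" % name)
            continue
        for elem in filter(None, (e.strip() for e in m.group(1).split(";"))):
            if elem == "any":
                findings.append("%s: open to any" % name)
            elif re.match(r"[\d.]+(/\d+)?$", elem):
                if not ipaddress.ip_network(elem, strict=False).is_private:
                    findings.append("%s: public range %s" % (name, elem))
    return findings

if __name__ == "__main__":
    for line in audit(POSTED):
        print(line)
```

For the posted options the audit reports `allow-query` and `allow-transfer` as unset; named ACLs such as `none` or `localnets` and per-zone overrides are not evaluated by this sketch.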