On 07.02.19 14:58, Roberto Carna wrote:
In our company we have several desktops from two different cities accessing
only to internal domains distributed in two views in a private BIND with
authoritative zones, where I've defined "recursion no;".
But now we have to let them access to *.teamviewer.com hostnames, just this
public domain and not other.
btw, when did linux.org change to teamviewer.com?
So I've implemented the forwarding of "teamviewer.com" zone to our BIND
resolvers servers (they forward DNS queries to 8.8.8.8). So I've created a
third view with this information in named.conf.local:
acl internet { 10.0.0.0/24 };
view "internet" {
match-clients { internet; key "custom"; };
recursion yes;
zone "teamviewer.com" {
type forward;
forward only;
forwarders {
172.18.1.1;
172.18.1.2;
};
};
I defined "recursion yes" but the BIND servers forwards all the public
domains queries to our resolvers and not just for "teamviewer.com", so it
doesn't work. And if I change for "recursion no", the query
www.teamviewer.com is refused and at the client side appears an error
telling that recursion is necessary.
of course, BIND will resolve other domains (recurse) only when you allow it
to recurse.
So I let desktops resolve all the Internet domains or neither, and this is
not what I want because I just want to let them resolve just teamviewer.com.
How can I do to forward only teamviewer.com zone queries to my resolvers???
what is the point of running DNS server with only two hostnames allowed to
resolve?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
