Date: Thu, 23 Jun 2005 22:48:18 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Gary Kline <kline@tao.thought.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: private/internal db file question...
Message-ID: <20050623194818.GA1145@gothmog.gr>
In-Reply-To: <20050623170639.GB67114@thought.org>
References: <20050623001343.GA63523@thought.org> <20050623005626.GB1523@gothmog.gr> <20050623023627.GA63945@thought.org> <20050623093615.GE15615@orion.daedalusnetworks.priv> <20050623170639.GB67114@thought.org>
On 2005-06-23 10:06, Gary Kline <kline@tao.thought.org> wrote:
> On Thu, Jun 23, 2005 at 12:36:15PM +0300, Giorgos Keramidas wrote:
> > > zone "db.private" {
> > >     type master;
> > >     file "/etc/namedb/s/db.private";
> > >     allow-query {
> > >         127.0.0.1/32; 10.0.0.0/8;
> > >     };
> > > };
> > >
> > > zone "db/private.rev" {
> > >     type master;
> > >     file "/etc/namedb/s/db.private.rev";
> > >     allow-query {
> > >         127.0.0.1/32; 10.0.0.0/8;
> > >     };
> > > };
> >
> > Something is very wrong above. You're not supposed to use "db.private"
> > (i.e. the name of the _FILE_ that stores the zone records) as the first
> > argument of the "zone" configuration directive.
>
> I stared at named.conf for ten minutes before seeing what
> you meant. I think. How about
>
> ^zone "private" {
> };
>
> and
>
> ^zone "private.rev" {
> }

Sorry for not being clear enough. The first (string) argument of the
``zone'' configuration directive is the name of the ``zone''. What
exactly is a ``zone'' is what you are (probably) more inclined to call
a ``domain''. In your case:

- "thought.org" *IS* a zone

- "private" isn't, unless you use names like "laptop.private",
  "hp2300.private", etc. for all the machines of your internal network.

- "private.rev" is one that I bet an arm and a leg cannot and will not
  work, ever.

Reverse zones can only work, AFAIK, if you use the ".IN-ADDR.ARPA"
scheme of naming them, i.e.:

    options {
        directory "/etc/namedb";
        // ...
    };

    zone "0.0.10.in-addr.arpa." {
        type master;
        file "master/db.10.0.0";
        // ...
    };

When a name server (yours, for instance) wants to look up the name (or
names) of the address 10.0.0.1, it transforms the IP address to:

    1.0.0.10.in-addr.arpa.

and starts looking for zones that may match it. The following will be
looked up, in order:

    1.0.0.10.in-addr.arpa.
    0.0.10.in-addr.arpa.
    0.10.in-addr.arpa.
    10.in-addr.arpa.

> This is my entry for db.thought.org. The zone name is simply
> "thought.org".

That's because this is a "forward resolution", i.e. name => IP address.
To resolve IP addresses, the name servers use the zone names I listed
above in their lookups. By naming your zone "private.rev", you pretty
much guarantee that no name server will be able to resolve IP addresses
to host names for your "private" network.

- Giorgos
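The reverse-lookup walk Giorgos describes (address reversed into in-addr.arpa, then zones tried from most to least specific), as an added example written for this archive page rather than anything from the original thread. The zone lists are constructed stand-ins for a named.conf, not Gary's actual configuration; it shows why a zone called "private.rev" is never consulted for 10.0.0.1 while "0.0.10.in-addr.arpa." is.

```python
import ipaddress
from typing import Iterable, List, Optional


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa name for an IPv4 address.

    10.0.0.1 -> 1.0.0.10.in-addr.arpa.
    Raises ValueError for anything that is not a valid IPv4 address.
    """
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def candidate_zones(ip: str) -> List[str]:
    """Zone names a resolver would try, most specific first, e.g.
    1.0.0.10.in-addr.arpa., 0.0.10.in-addr.arpa., 0.10.in-addr.arpa., 10.in-addr.arpa."""
    labels = reverse_name(ip).rstrip(".").split(".")  # ['1','0','0','10','in-addr','arpa']
    octets = labels[:-2]                               # drop 'in-addr' and 'arpa'
    return [".".join(octets[i:]) + ".in-addr.arpa." for i in range(len(octets))]


def matching_zone(ip: str, configured_zones: Iterable[str]) -> Optional[str]:
    """Return the most specific configured zone that covers the reverse
    lookup of `ip`, or None when no configured zone can ever match."""
    # Normalise named.conf zone names: case-insensitive, always with a trailing dot.
    configured = {z.lower().rstrip(".") + "." for z in configured_zones}
    for cand in candidate_zones(ip):
        if cand in configured:
            return cand
    return None


# Constructed zone names standing in for a named.conf (hypothetical, not from the thread).
ZONES_BROKEN = ["thought.org", "private", "private.rev"]          # as criticised in the mail
ZONES_FIXED = ["thought.org", "private", "0.0.10.in-addr.arpa."]  # as recommended in the mail

if __name__ == "__main__":
    print(reverse_name("10.0.0.1"))                     # 1.0.0.10.in-addr.arpa.
    print(candidate_zones("10.0.0.1"))
    print(matching_zone("10.0.0.1", ZONES_BROKEN))      # None: "private.rev" is never tried
    print(matching_zone("10.0.0.1", ZONES_FIXED))       # 0.0.10.in-addr.arpa.
```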
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050623194818.GA1145>