Old 09-24-2010, 05:38 PM
Les Mikesell
 
Configuring BIND to answer to two domain names (four IP addresses)

On 9/24/2010 12:21 PM, Dotan Cohen wrote:
>> Have a read for the listen on directive for BIND which tells BIND what
>> interfaces/IP Addresses to bind to.
>
> Thanks, I am aware that Apache can be told to listen only to specific
> addresses. Can BIND be told to listen on all addresses? Your post
> implies that this is the default (which makes sense, as so does
> Apache), maybe I am chasing a non-issue?
>
> In other words, I should configure BIND to answer to exampleA.com and
> to exampleB.com with no regard to IP addresses. Then in the control
> panel for each domain name configure the nameservers to my liking
> (with addresses that the server answers to, naturally)? That's it?
>
>
>> Alternatively, you could just configure BIND identically on both machines and ensure that
>> they are set up in a master/slave configuration so that each name server could answer
>> requests for both domains and publish both name server records in each domain.
>>
>
> There is only one machine. All four addresses point to it.


You are making it much more complicated than necessary. I'd configure
apache to use named virtual hosts and listen on all addresses (but you
might want to tie https to specific addresses so you can tie connections
to the right certificates), and bind to listen on all addresses and
answer for all your domains.

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-24-2010, 05:59 PM
Les Mikesell
 

On 9/24/2010 12:43 PM, Dotan Cohen wrote:
>
>> and bind to listen on all addresses and
>> answer for all your domains.
>>
>
> So, then, the association of a FQDN with any particular IP address is
> only done in the domain name's control panel where the nameservers are
> set?

What's a control panel? Bind is going to want a zone file for each
domain where it is the primary nameserver and an A record for each host
in that domain. You may have some GUI tool to manage them. But any
instance of bind can be primary for any number of domains. The
association with the IP address(es) that will receive the queries
happens when you register the domain into the public dns system and you
can register the same server(s) as primary for many domains.

--
Les Mikesell
lesmikesell@gmail.com

 
Old 09-24-2010, 06:18 PM
Les Mikesell
 

On 9/24/2010 1:07 PM, Dotan Cohen wrote:
>
>> But any
>> instance of bind can be primary for any number of domains. The
>> association with the IP address(es) that will receive the queries
>> happens when you register the domain into the public dns system and you
>> can register the same server(s) as primary for many domains.
>>
>
> Yes, but I'd rather have different name servers for exampleA.com and
> exampleB.com. The two domain names are for competing websites, there
> should be no hint that they are associated.

Probably a waste of time. If anyone cares, they'll track down the
domain and IP range ownership anyway (there are sites that do it
automatically). So unless you've used company aliases in the domain
registration and gotten separate isp connections for your addresses the
connection will still show.

--
Les Mikesell
lesmikesell@gmail.com
 
Old 09-24-2010, 08:24 PM
Alexander Dalloz
 

Am 24.09.2010 22:12, schrieb Dotan Cohen:
> On Fri, Sep 24, 2010 at 22:06, James A. Peltier <jpeltier@sfu.ca> wrote:
>> formatting for NS records is incorrect. It should just read
>>
>> NS ns1.exampleA.com.
>> NS ns2.exampleA.com.
>>
>
> Thanks. (I added the periods)
>
>> where is your ns1.exampleA.com entry?
>> where is your ns2.exampleA.com entry?
>>
>
> Where _should_ they be? So far as I've been able to google, I cannot
> tell... This is what all the examples look like that I have been able
> to find.
>
>
>> Broken!
>>
>
> Ou!

http://www.zytrax.com/books/dns/

That is a good source to read up about bind configuration.

As a side note, please be aware that if someone directly queries your
ns1.exampleA.com for exampleB.com zone records he will get proper
answers. If you would need to prevent this for any reason you would need
an extended bind config design using views.

While the zytrax book has lessons about views, you can also find a resource in

http://www.cymru.com/Documents/secure-bind-template.html

Regards

Alexander
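
The views design mentioned in the message above, as an added example that is not part of the original thread or taken from either linked resource: a named.conf sketch that uses match-destinations so each zone is served only on its own name server addresses. The addresses 1.1.1.1 and 1.1.1.2 and the file exampleA.com.hosts come from the thread; the addresses 1.1.1.3 and 1.1.1.4, the view names and the exampleB.com file name are assumptions.

```conf
// Constructed example: one named instance, four addresses, two zones.
options {
    directory "/var/named";
    listen-on { any; };      // accept queries on all four addresses
    recursion no;            // authoritative-only, no lookups for other names
};

// Queries arriving on exampleA's name server addresses see only exampleA.com.
view "exampleA" {
    match-destinations { 1.1.1.1; 1.1.1.2; };
    zone "exampleA.com" {
        type master;
        file "exampleA.com.hosts";
    };
};

// 1.1.1.3 and 1.1.1.4 are assumed addresses for exampleB's name servers.
view "exampleB" {
    match-destinations { 1.1.1.3; 1.1.1.4; };
    zone "exampleB.com" {
        type master;
        file "exampleB.com.hosts";   // assumed file name
    };
};
```

Once any view is defined, every zone statement has to live inside a view. With this layout a query for exampleB.com sent to 1.1.1.1 matches only the exampleA view, finds no such zone there, and is refused instead of answered.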
 
Old 09-24-2010, 08:47 PM
Les Mikesell
 

On 9/24/2010 3:39 PM, Dotan Cohen wrote:
> On Fri, Sep 24, 2010 at 22:24, Robert Heller <heller@deepsoft.com> wrote:
>>> So, then, the association of a FQDN with any particular IP address is
>>> only done in the domain name's control panel where the nameservers are
>>> set?
>>
>> It is in bind's database (zone files). In named.conf you associate
>> domains (all but the leftmost part of the FQDN) with zone files and
>> zone files map from hostnames (left-most part of the FQDN) to ip
>> addresses.
>>
>
> Thank you. That is quite what I had suspected, and of course the zone
> files that I am experimenting with reflect that. How is this:
>
>
> # cat /var/named/exampleA.com.hosts
>
> $ORIGIN exampleA.com.
> $TTL 1h
> exampleA.com.   IN SOA  ns1.exampleA.com. ns2.exampleA.com. (
>                 1       ; Serial - increment me
>                 10800
>                 3600
>                 604800
>                 38400 )
>                 IN NS   ns1.exampleA.com.
>                 IN NS   ns2.exampleA.com.
> exampleA.com.   IN A    1.1.1.1
> exampleA.com.   IN A    1.1.1.2
> ns1             IN A    1.1.1.1
> ns2             IN A    1.1.1.2
>

I think that's reasonable - but note that from the rest of the world's
perspective the ns1, ns2 IPs are going to come from the glue records
from the upstream DNS that would have been added when you registered the
servers as primary for the domain. For anything else, the query gets
passed on to your server.

--
Les Mikesell
lesmikesell@gmail.com
 
Old 09-24-2010, 09:23 PM
Les Mikesell
 

On 9/24/2010 4:02 PM, Dotan Cohen wrote:
> On Fri, Sep 24, 2010 at 22:41, Robert Heller <heller@deepsoft.com> wrote:
>> You need:
>>
>> ns1.exampleA.com. IN A 1.1.1.1
>> ns2.exampleA.com. IN A 1.1.1.2
>>
>
> Here I have found conflicting information, it seems that some sources
> suggest this instead:
> ns1 IN A 1.1.1.1
> ns2 IN A 1.1.1.2
>

They are the same. The $ORIGIN is normally appended to names, but not
when it has a trailing '.' (in which case you include it yourself).

--
Les Mikesell
lesmikesell@gmail.com


 
Old 09-25-2010, 04:15 PM
Les Mikesell
 

On 9/24/10 11:12 PM, cpolish@surewest.net wrote:
> On Fri, Sep 24, 2010 at 10:28:41PM +0200, Dotan Cohen wrote:
>> On Fri, Sep 24, 2010 at 22:24, Alexander Dalloz <ad+lists@uni-x.org> wrote:
>>> http://www.zytrax.com/books/dns/
>>>
>>> That is a good source to read up about bind configuration.
>>>
>>> As a side note, please be aware that if someone directly queries your
>>> ns1.exampleA.com for exampleB.com zone records he will get proper
>>> answers. If you would need to prevent this for any reason you would need
>>> an extended bind config design using views.
>>>
>>> While the zytrax book has lessons about views, you can also find a resource in
>>>
>>> http://www.cymru.com/Documents/secure-bind-template.html
>>>
>>
>> Wow, thank you! There is some good reading there, especially the
>> security link. Lots of little holes to exploit!
>>
>> I will be up for the night!
>
> For completeness: there is the BIND 9 Administrator Reference Manual,
> known as the ARM, usually supplied under /usr/share/doc/.
> And what many consider to be the standard reference, Liu and Albitz's
> "DNS and BIND" published by O'Reilly. I believe it's up to the
> 5th edition now; an earlier edition used to be provided online.
> If you're serious about learning DNS you ought to consider this book.

Learning bind is sort of like learning sendmail though. They both do a million
things you'll never need (and if you do you should probably change your
design...). The trick - especially when you start with the full references - is
to figure out the simple part you need to understand and ignore the rest. And
when using distribution-packaged versions, most of what you need is already there.

--
Les Mikesell
lesmikesell@gmail.com
