Re: DNS question

Kurt Schafer ( (no email) )
Mon, 16 Mar 1998 13:11:15 -0500

I'm almost positive you can edit your DNS server so that only authorized
hosts can do zone transfers while still being able to query the server for
addresses from unauthorized hosts.

i.e., if you have a zone file that looks like this

www.domain.com IN A 192.168.0.1
ftp.domain.com IN A 192.168.0.2
mail.domain.com IN A 192.168.0.3
topsecretmachine.domain.com IN A 192.168.0.4

you can set up your DNS server to resolve addresses that people ask for
(like www.domain.com) but to not let people actually download your entire
zone file. (and thereby be able to find out about the topsecretmachine)

If you run BIND on a unix host, grab the latest version and go through the
docs. If you run MS-DNS, I have no idea but I'm sure if the functionality
exists, it can't be too hard to find it. If you run a Cisco router, I think
you can implement some of this in access lists as well.

= K

-----Original Message-----
From: Carlo Gibertini <carlo@nw.com.br>
To: RadiusNT@iea-software.com <RadiusNT@iea-software.com>
Date: Saturday, March 14, 1998 8:25 AM
Subject: DNS question

>I have a doubt: How can I configure DNS so that it won't show address
>records to strangers outside of my network?
>
>Can I do this?
>
>Thanks,
>
>Carlo
>
>
>
> ----------------------------------------------------------
> RadiusNT Mailing List lists@iea-software.com
>
>
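The configuration Kurt describes, as an added example that is not part of the original message: a BIND named.conf fragment that keeps ordinary lookups open to everyone but restricts zone transfers (AXFR) to named hosts. The `allow-query` and `allow-transfer` directives are BIND's own; the address 192.168.0.5 for the authorized secondary nameserver, the `secondaries` ACL name and the file paths are constructed for illustration.

```conf
// Added example, not from the original post: BIND named.conf fragment.
// Assumes 192.168.0.5 (constructed) is the only secondary nameserver
// that legitimately needs a full copy of the zone.
acl "secondaries" {
    192.168.0.5;        // assumed secondary nameserver (constructed)
    localhost;          // allow transfers from the box itself for testing
};

options {
    directory "/var/named";             // assumed zone file directory
    allow-query    { any; };            // ordinary A-record lookups stay open
    allow-transfer { "secondaries"; };  // global default: nobody else may AXFR
};

zone "domain.com" {
    type master;
    file "db.domain.com";               // the zone file from the message
    allow-transfer { "secondaries"; };  // per-zone setting, same list
};
```

To check the result, run `dig @ns1.domain.com www.domain.com A` from a host outside the ACL and confirm it still gets an answer, then run `dig @ns1.domain.com domain.com AXFR` from the same host and confirm it reports "Transfer failed." instead of listing the zone. Note the limit of this control: it stops bulk enumeration of the zone, but any individual name such as topsecretmachine.domain.com can still be resolved by anyone who guesses it; hiding records from outsiders entirely requires serving a separate internal zone (BIND 9 views or a split-horizon setup), which is a different exercise from restricting transfers.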