Operating System - HP-UX
Darren Gibbs
Advisor

Secondary Internal and External DNS services

I have two secondary DNS services running on the same host, each being a slave of a different master. I'm running two named daemons with two different configuration files. One is configured to listen on Lan0 while the other listens on Lan0:1. Should I worry about forcing different sockets for each? If so, how do I go about this?
Anu Mathew
Valued Contributor

Re: Secondary Internal and External DNS services

Hi Gibbs,

Let us see whether I got your situation correctly.

Why not keep one boot file instead of two?

;
; Boot file for Secondary Name Server
;
; type domain source file or host
;
directory /usr/local/adm/named
secondary internal.domain 128.32.0.4 128.32.0.10 ucbhosts.bak
secondary 32.128.in-addr.arpa 128.32.0.4 128.32.0.10 ucbhosts.rev.bak
primary 0.0.127.in-addr.arpa named.local
cache . root.cache

Then, configure access controls for internal and external as required.

Hope this helps.

Thanks

Anu Mathew



Jeff Schussele
Honored Contributor

Re: Secondary Internal and External DNS services

Hi Darren,

I'm not sure I understand your question.
And correct me if I'm wrong but....
If you have separate IPs i.e. lan0 & lan0:1 - you by definition have separate sockets.
As a socket is an IP/port combo they will always be separate.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
sven verhaegen
Respected Contributor

Re: Secondary Internal and External DNS services

Further, it is not because the configuration file of your DNS states that you are only responsible for the addresses from network A and have a master on network A that a client on network B wouldn't be able to retrieve something from your database on a name for a server out of the A network range. As said, the IP packet consists of MAC address, IP address, that is unique for different cards (not in your case), plus a socket number, and this is always different as only one process can use a socket at a given time, so mac.ip.socket is always unique. There is no need to force anything at all at DNS level. You would not even be able to do so, as there are no options for this available. It would also be unsuitable, because you could go and reserve a socket already used by something else. This is why the system distributes the sockets, or the application if it is a well-known socket, not you.
...knowing one ignores a great many things is the first step to wisdom...
Jordan Bean
Honored Contributor

Re: Secondary Internal and External DNS services

Which BIND version?

When running two named on one host, each must be configured not only to listen on a different socket, but also to query from a different socket. If you don't specify the latter, then both will default to 0.0.0.0:53 (I think), but only the first will get it.

If you're working with BIND 8 or 9, then I'd expect to see this:

listen-on { ; 127.0.0.1; };
query-source port 53;

and

listen-on { ; };
query-source port 53;
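
An added example, not part of any reply in this thread: a small Python check that reads the `listen-on` and `query-source` options of two named.conf files (BIND 8/9 syntax) and reports the address/port pairs both instances would try to claim. The 192.0.2.x addresses and the sample configurations are constructed, and treating a wildcard address as overlapping every address on the same port is a simplifying assumption of this sketch.

```python
import re

ANY = "*"  # wildcard address (all interfaces)

def sockets(conf):
    """Return the (address, port) pairs one named instance would claim."""
    conf = re.sub(r"(//|#).*", "", conf)  # drop line comments
    m = re.search(r"listen-on\s*(?:port\s+(\d+)\s*)?\{([^}]*)\}", conf)
    if m:
        port = int(m.group(1) or 53)
        addrs = [a.strip() for a in m.group(2).split(";") if a.strip()]
    else:
        port, addrs = 53, [ANY]  # no listen-on: port 53 on all interfaces
    claimed = {(ANY if a == "any" else a, port) for a in addrs}
    q = re.search(r"query-source\s+(?:address\s+(\S+)\s+)?port\s+(\d+)\s*;", conf)
    if q:  # only a fixed port can collide; "port *" is left to the OS
        claimed.add((q.group(1) or ANY, int(q.group(2))))
    return claimed

def conflicts(conf_a, conf_b):
    """List address/port pairs that two separate named instances both claim."""
    found = []
    for addr_a, port_a in sockets(conf_a):
        for addr_b, port_b in sockets(conf_b):
            if port_a == port_b and (addr_a == addr_b or ANY in (addr_a, addr_b)):
                found.append(f"{addr_a}:{port_a} <-> {addr_b}:{port_b}")
    return sorted(found)

# Constructed sample configurations (documentation addresses, not from the thread).
INTERNAL = """
options {
    listen-on { 192.0.2.10; 127.0.0.1; };
    query-source address 192.0.2.10 port 53;
};
"""
EXTERNAL_OK = """
options {
    listen-on { 192.0.2.11; };
    query-source address 192.0.2.11 port 53;
};
"""
EXTERNAL_BAD = """
options {
    listen-on { 192.0.2.11; };
    query-source port 53;   // no address given: wildcard on port 53
};
"""

if __name__ == "__main__":
    print("ok :", conflicts(INTERNAL, EXTERNAL_OK))
    print("bad:", conflicts(INTERNAL, EXTERNAL_BAD))
```

Pinning `query-source` to a fixed port also gives up source-port randomization on that instance's outgoing queries, so a fixed port is best kept to cases where a firewall rule requires it.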