Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
RE: Re: [suse-security] DNS
  • From: christian.burri@xxxxxxxxxx
  • Date: Wed, 11 Sep 2002 17:39:48 +0200
  • Message-id: <OFA23FD957.1AA291A6-ONC1256C31.00559B42@xxxxxxxxxx>

Yes, there is a way. We have our DNS working this way (we "only" own 64 IPs
but it was unacceptable for us to have DNS hosted at the ISP).
However, most ISP dont have the slightest clue on how to do it.

It is called "classless in-addr.arpa delegation" and described in RFC 2317.
More information about it can be found at http://www.ripe.net/reverse/

If you have trouble to get your ISP to set this up properly (it took our
ISP something close to 6 months to figure it out...), I suggest you write
an email to RIPE (in case your living in europe, that is). They will, on
your behalf, contact your ISP and help them to do the delegation.

HTH

Chris Burri
Network/Security Engineer
Synecta Informatik AG
Zwinglistrasse 3
9000 St. Gallen
SWITZERLAND


.-.
/v\ L I N U X
// \\ >I know KungFu!!<
/( )\
^^-^^



Michael
Zimmermann An: "Reckhard, Tobias" <tobias.reckhard@xxxxxxxxxxx>, "'SuSE Security Discussion (E-mail)'"
<zim@xxxxxxxx <suse-security@xxxxxxxx>
> Kopie:
Thema: Re: [suse-security] DNS
11.09.2002
10:45






-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At Mittwoch, 11. September 2002 10:14 Reckhard, Tobias wrote:
> [about how to do reverse delegation for one's IP's]
> Either you use the RFC 2317 muck to work around BIND's configuration file
> problems with CIDR, introducing lots of ugly CNAMEs in the process.

Pardon me, Tobias,

you're saying, that there is a way to do reverse delegation WITHOUT
either having the corresponding arpa zone delegated to you (either
as a class-C delegation or a partial one through RFC2317) ?

How?

That would mean you could (howsoever ugly) go around the
arpa authoritative nameserver for the class-C subnet --
which would be certainly security related in my version of
the DNS bible.


Greetings
- --
Michael Zimmermann (Vegaa Safety and Security for Internet Services)
Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD4DBQE9fwKs72vu22ltWBERAkqCAJdmG9cANXl0gqGiBjMV2TachzhNAJ0W1JZG
Ftw4iGtjel4BY1SL/PbCOg==
=bi9m
-----END PGP SIGNATURE-----


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here






< Previous Next >