
Configuring CNAME for nosslsearch.google.com


Tobias Krais

Apr 15, 2012, 5:38:29 PM
to bind-...@lists.isc.org
Hi together,

I am a newbie to bind and wasted hours creating my first bind
configuration. My target is simply creating a configuration with a CNAME
for www.google.com to nosslsearch.google.com.

First: I use Ubuntu Precise Pangolin with bind 9.8.1. I have a
transparent proxy (Dansguardian + Squid) that I use for just this lonely
computer.

Now I read that I have to create a zone for google.com. Others said that
it is OK to create a zone for www.google.com. But as far as I understand
this won't be a great solution.

Can you help me to create a zone for google.com that does only one
thing: a CNAME for www.google.com to nosslsearch.google.com. It would be
best if all IP addresses for other google.com subdomains like
docs.google.com or even nosslsearch.google.com are taken from the
"normal" nameserver, e.g. 8.8.8.8.

Can anyone help me to create my /etc/bind/db.google.com file?

Greetings,

Tobias

Ben Croswell

Apr 15, 2012, 6:31:39 PM
to Tobias Krais, bind-...@lists.isc.org

What you are asking for can't be done.
If you load the google.com zone everything you don't load in the zone will be black holed and not resolve.
If you try to load WWW.Google.com you will not be able to make WWW a cname due to the no cname and other data rule.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Tobias Krais

Apr 15, 2012, 6:40:50 PM
to bind-...@lists.isc.org
Hi Ben,

hmm. How can I manage what google suggests:
"Information for school network administrators about the No-SSL option

To utilize the no SSL option for your network, configure the DNS entry
for www.google.com to be a CNAME for nosslsearch.google.com."
Source:
http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer=186669.
You can find this quite at the end of the document.

How can I realize such a configuration in bind?

Greetings,

Tobias

On 16.04.2012 00:31, Ben Croswell wrote:
> What you are asking for can't be done.
> If you load the google.com <http://google.com> zone everything you don't
> load in the zone will be black holed and not resolve.
> If you try to load WWW.Google.com <http://WWW.Google.com> you will not
> be able to make WWW a cname due to the no cname and other data rule.

Phil Mayers

Apr 16, 2012, 4:30:57 AM
to bind-...@lists.isc.org
On 04/15/2012 11:40 PM, Tobias Krais wrote:
> Hi Ben,
>
> hmm. How can I manage what google suggests:
> "Information for school network administrators about the No-SSL option
>
> To utilize the no SSL option for your network, configure the DNS entry
> for www.google.com to be a CNAME for nosslsearch.google.com."
> Source:
> http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer=186669.
> You can find this quite at the end of the document.
>
> How can I realize such a configuration in bind?

As you've been told, you can't. CNAMEs can't live at the zone apex, so you
can't put a CNAME at the zone apex of "www.google.com". And if you create
"google.com" as a zone, all other hostnames will be blackholed,
including "nosslsearch.google.com".

I don't know why Google have made that suggestion; it's a bad
suggestion, that's not supported by many nameservers.

I personally think it's a bad idea to try and disable SSL search for
your users too, but that's your decision.

"unbound" might be able to do this, with a transparent local-zone and
local-data override for "www.google.com".

Lyle Giese

Apr 16, 2012, 8:49:51 AM
to bind-...@lists.isc.org

Or did they really mean, create a hosts file on the local machine that
contains...

Or in your proxy server redirect www.google.com to nosslsearch.google.com

DNS server software is not very supportive of doing this for good reasons.

Lyle Giese
LCR Computer Services, Inc.

Alan Clegg

Apr 16, 2012, 9:53:12 AM
to bind-...@lists.isc.org
On 4/16/2012 9:40 AM, Matthew Huff wrote:
> Actually, this can be done.
>
> Create a zone file for "www.google.com", not "google.com". The zone file
> should look like this (replace THIS_HOSTNAME with the name of your nameserver):
>
>
> @ IN SOA localhost root@localhost. (
> 2012041100
> 7200
> 1800
> 1209600
> 300 )
>
> IN NS THIS_HOSTNAME
>
> IN CNAME nosslsearch.google.com.

Which isn't legal since you can't have a CNAME and another RR at the
same label.

AlanC
--
al...@clegg.com | acl...@infoblox.com
1.919.355.8851


Ben Croswell

Apr 16, 2012, 9:55:19 AM
to Matthew Huff, bind-...@lists.isc.org

This is incorrect. It is illegal to have a cname and any other record on the same name in dns. The ns and soa count as records.

On Apr 16, 2012 9:41 AM, "Matthew Huff" <mh...@ox.com> wrote:
Actually, this can be done.

Create a zone file for "www.google.com", not "google.com". The zone file
should look like this (replace THIS_HOSTNAME with the name of your nameserver):


@               IN      SOA     localhost       root@localhost. (
                                               2012041100
                                               7200
                                               1800
                                               1209600
                                               300 )

               IN NS THIS_HOSTNAME

               IN CNAME nosslsearch.google.com.




----
Matthew Huff             | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC       | Phone: 914-460-4039
aim: matthewbhuff        | Fax:   914-460-4139



/dev/rob0

Apr 16, 2012, 10:00:14 AM
to bind-...@lists.isc.org
On Mon, Apr 16, 2012 at 09:40:16AM -0400, Matthew Huff wrote:
> Actually, this can be done.
>
> Create a zone file for "www.google.com", not "google.com". The zone file
> should look like this (replace THIS_HOSTNAME with the name of your nameserver):
>
>
> @ IN SOA localhost root@localhost. (
> 2012041100
> 7200
> 1800
> 1209600
> 300 )
>
> IN NS THIS_HOSTNAME
>
> IN CNAME nosslsearch.google.com.

Did you try this out with named-checkzone(8)?

1. Bad SOA:
a. unqualified MNAME
b. "@" in RNAME
2. CNAME and other data

The top of a zone cannot be a CNAME, because SOA and NS are required.

The OP needs to talk to Google about their suggestion.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Chris Buxton

Apr 16, 2012, 12:07:32 PM
to Tobias Krais, bind-...@lists.isc.org
On Apr 15, 2012, at 3:40 PM, Tobias Krais wrote:

> Hi Ben,
>
> hmm. How can I manage what google suggests:
> "Information for school network administrators about the No-SSL option
>
> To utilize the no SSL option for your network, configure the DNS entry
> for www.google.com to be a CNAME for nosslsearch.google.com."
> Source:
> http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer=186669.
> You can find this quite at the end of the document.
>
> How can I realize such a configuration in bind?

I believe you can use response policy (RPZ) to achieve this. Or you can use just about any non-BIND resolver (e.g. unbound) to achieve this.

Chris Buxton
BlueCat Networks

Tobias Krais

Apr 17, 2012, 8:24:48 AM
to bind-...@lists.isc.org
Hi all together,

this discussion is very interesting. As I am a newbie, I understood only half.

Thus I detected 2 ways to continue:

> I believe you can use response policy (RPZ) to achieve this. Or you can use just about any non-BIND resolver (e.g. unbound) to achieve this.

1. Don't use bind but e.g. unbound instead.

2. Ask Google.

Any other ideas I missed?

I will do so and in case of success, I'll post the link here.

Thanks for your great help!

Greetings,

Tobias

Phil Mayers

Apr 17, 2012, 9:00:40 AM
to bind-...@lists.isc.org
On 17/04/12 13:24, Tobias Krais wrote:
> Hi all together,
>
> very interesting this discussion. For I am a newbie I understood only
> half.
>
> Thus I detected 2 ways to continue:
>
>> I believe you can use response policy (RPZ) to achieve this. Or you
>> can use just about any non-BIND resolver (e.g. unbound) to achieve
>> this.
>
> 1. Don't use bind but e.g. unbound instead.
>
> 2. Ask Google.
>
> Any other ideas I missed?

3. Use RPZ, as per Chris' suggestion

4. Create a zone for "www.google.com" and instead of CNAME, put an A
record at the apex with the same IP as "nosslsearch.google.com". Run a
script FREQUENTLY to re-resolve the host, as Google do short-TTL
DNS-based loadbalancing.

5. Don't do this at all, since interfering with SSL is bad.

Tobias Krais

Apr 17, 2012, 9:50:22 AM
to bind-...@lists.isc.org
Hi Phil,

>> 1. Don't use bind but e.g. unbound instead.

First: here the link to follow on the unbound mailing list:
http://unbound.nlnetlabs.nl/pipermail/unbound-users/2012-April/002329.html

>> Any other ideas I missed?
>
> 3. Use RPZ, as per Chris' suggestion
>
> 4. Create a zone for "www.google.com" and instead of CNAME, put an A
> record at the apex with the same IP as "nosslsearch.google.com". Run a
> script FREQUENTLY to re-resolve the host, as Google do short-TTL
> DNS-based loadbalancing.
>
> 5. Don't do this at all, since interfering with SSL is bad.

Thanks for that hint. I'll give it a try if the unbound solution won't work.

Greetings,

Tobias

Tobias Krais

May 8, 2012, 10:56:43 AM
to bind-...@lists.isc.org
Hi Phil,

> 4. Create a zone for "www.google.com" and instead of CNAME, put an A
> record at the apex with the same IP as "nosslsearch.google.com". Run a
> script FREQUENTLY to re-resolve the host, as Google do short-TTL
> DNS-based loadbalancing.

As unbound has no solution, I now want to try your suggestion no. 4. My
db file now looks like this:
-----%<-----
@ IN SOA localhost root@localhost. (
2012041100
7200
1800
1209600
300 )
IN A 216.239.32.20 #nosslsearch.google.com.
-----%<-----

But this does not work. Can you tell me what's wrong?

Greetings,

Tobias

Barry Margolin

May 8, 2012, 11:16:04 AM
to comp-protoc...@isc.org
In article <mailman.713.1336489...@lists.isc.org>,
"#" isn't the comment character in DNS zone files, ";" is.

--
Barry Margolin
Arlington, MA

Jan-Piet Mens

May 8, 2012, 11:38:55 AM
to bind-...@lists.isc.org
> -----%<-----
> @ IN SOA localhost root@localhost. (
> 2012041100
> 7200
> 1800
> 1209600
> 300 )
> IN A 216.239.32.20 #nosslsearch.google.com.
> -----%<-----

What's the hash doing there? ...........^

That's not a comment.

Replace that whole line by

nosslsearch.google.com. IN A 216.239.32.20

Assuming you've configured the zone correctly, that ought to do the
trick. (It has been pointed out to you previously that this IP address
is bound to change -- you should monitor the "real" domain name
frequently and then update (dynamically?) your zone.)

-JP

Chris Thompson

May 8, 2012, 12:07:39 PM
to Tobias Krais, comp-protoc...@isc.org
On May 8 2012, Barry Margolin wrote:

>In article <mailman.713.1336489...@lists.isc.org>,
> Tobias Krais <tux-...@design-to-use.de> wrote:
>
>"#" isn't the comment character in DNS zone files, ";" is.

Also, you need at least one NS record (maybe for "localhost.").
named-checkzone would have told you about both these problems.

Less serious problems:

It's better to use a $TTL directive than rely on it defaulting to
the SOA.MINTTL value (or specify all TTLs explicitly).

You probably meant "root.localhost." for the SOA.rname.

--
Chris Thompson
Email: ce...@cam.ac.uk

/dev/rob0

May 8, 2012, 1:03:37 PM
to bind-...@lists.isc.org
Sundry nitpicks. Not much of interest here, sorry.

On Tue, May 08, 2012 at 05:38:55PM +0200, Jan-Piet Mens wrote:
> > -----%<-----
> > @ IN SOA localhost root@localhost. (
> > 2012041100
> > 7200
> > 1800
> > 1209600
> > 300 )
> > IN A 216.239.32.20 #nosslsearch.google.com.
> > -----%<-----
>
> What's the hash doing there? ...........^
>
> That's not a comment.
>
> Replace that whole line by
>
> nosslsearch.google.com. IN A 216.239.32.20

ITYM:

@ IN A 216.239.32.20

This zone is named "www.google.com."

> Assuming you've configured the zone correctly, that ought to do the
> trick. (It has been pointed out to you previously, that this IP
> address is bound to change -- you should monitor the "real" domain
> name frequently and then update (dynamically?) your zone.

On Tue, May 08, 2012 at 05:07:39PM +0100, Chris Thompson wrote:
> On May 8 2012, Barry Margolin wrote:
>
> >In article <mailman.713.1336489...@lists.isc.org>,
> >Tobias Krais <tux-...@design-to-use.de> wrote:
> >
> >"#" isn't the comment character in DNS zone files, ";" is.
>
> Also, you need at least one NS record (maybe for "localhost.").
> named-checkzone would have told you about both these problems.
>
> Less serious problems:
>
> It's better to use a $TTL directive than rely on it defaulting to
> the SOA.MINTTL value (or specify all TTLs explicitly).
>
> You probably meant "root.localhost." for the SOA.rname.

And "localhost." for the SOA.mname.

And the SOA.serial implies the date of April 11. :) Seriously, you
would probably want the serial to reflect the date you last did a
check of the upstream name, nosslsearch.google.com.

Joseph S D Yao

May 8, 2012, 4:03:13 PM
to Tobias Krais, bind-...@lists.isc.org
On Tue, Apr 17, 2012 at 02:24:48PM +0200, Tobias Krais wrote:
> Hi all together,
>
> very interesting this discussion. For I am a newbie I understood only half.
>
> Thus I detected 2 ways to continue:
>
> > I believe you can use response policy (RPZ) to achieve this. Or you can use just about any non-BIND resolver (e.g. unbound) to achieve this.
>
> 1. Don't use bind but e.g. unbound instead.
>
> 2. Ask Google.
...


6. Use your workstation's /etc/hosts or MSW's something...\hosts file
to insert the desired IP address for www.google.com. This is as bad a
suggestion as all the others - worse, because it doesn't scale to a
site with multiple workstations.


--
/*********************************************************************\
**
** Joe Yao js...@tux.org - Joseph S. D. Yao
**
\*********************************************************************/

Tobias Krais

May 9, 2012, 1:16:13 AM
to bind-...@lists.isc.org
Hi Jan-Piet,

> What's the hash doing there? ...........^
>
> That's not a comment.

Thanks. I continue learning...

> Replace that whole line by
>
> nosslsearch.google.com. IN A 216.239.32.20

Zone is www.google.com. That won't work here.

> Assuming you've configured the zone correctly, that ought to do the
> trick. (It has been pointed out to you previously, that this IP address
> is bound to change -- you should monitor the "real" domain name
> frequently and then update (dynamically?) your zone.

Yes, Phil already told me. But first it has to work with an A record...

Thanks Jan-Piet!

Greetings,

Tobias

Tobias Krais

May 9, 2012, 1:41:15 AM
to bind-...@lists.isc.org
Hi together,

thanks for these many hints. Wow! So many mistakes in a few lines. Here
is now my config file:
-----%<-----
@ IN SOA localhost. root.localhost. (
2012050900
7200
1800
1209600
300 )
1800 IN NS localhost.
1800 IN A 216.239.32.20 ;nosslsearch.google.com.
-----%<-----

And here my dig answer:
-----%<-----
root@tobias-xps:/home/tobias# dig @localhost www.google.com

; <<>> DiG 9.8.1-P1 <<>> @localhost www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51300
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 1800 IN A 216.239.32.20

...
-----%<-----

That looks good. Are there any more mistakes or hints not mentioned yet?

Greetings,

Tobias
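As an added example (not code from the thread or from ISC), here is a small POSIX sh script that implements Phil's suggestion 4 together with the monitoring and serial advice from Jan-Piet and /dev/rob0: it re-resolves nosslsearch.google.com through the "normal" resolver, rewrites the "www.google.com" zone in the shape Tobias ended up with, lets named-checkzone veto anything named would reject, and reloads only when the address actually changed. The zone file path, the script name nosslsync.sh, the use of 8.8.8.8 and the cron invocation are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Implements Phil's suggestion 4 plus the
# monitoring/serial advice from Jan-Piet and /dev/rob0: re-resolve the upstream
# name, rewrite the zone with a date-based serial, let named-checkzone veto it,
# reload only when the address actually changed. Paths are assumptions.
set -eu

ZONE=www.google.com
UPSTREAM=nosslsearch.google.com
ZONEFILE=${ZONEFILE:-/etc/bind/db.www.google.com}   # assumed path
RESOLVER=${RESOLVER:-8.8.8.8}                        # the "normal" nameserver

# next_serial OLD TODAY: YYYYMMDDnn serial strictly greater than OLD, so a second
# update on the same day (or an OLD serial already ahead of today) still bumps it.
next_serial() {
    old=${1:-0}; base=${2}00
    if [ $((old < base)) -eq 1 ]; then echo "$base"; else echo $((old + 1)); fi
}

# current_serial FILE: first bare number after the SOA line; empty if no file.
current_serial() {
    [ -r "$1" ] || return 0
    awk '/SOA/ {f = 1; next} f && $1 ~ /^[0-9]+$/ {print $1; exit}' "$1"
}

# gen_zone IP SERIAL: the zone text in the shape Tobias ended up with.
gen_zone() {
    cat <<EOF
\$TTL 300
@       IN  SOA localhost. root.localhost. (
            $2                  ; serial = date of the last upstream check
            7200 1800 1209600 300 )
        1800 IN  NS  localhost.
        1800 IN  A   $1         ; current address of $UPSTREAM
EOF
}

# has_address FILE IP: true if FILE already carries IP as its A record.
has_address() {
    [ -r "$1" ] && awk -v ip="$2" '$3 == "A" && $4 == ip {f = 1} END {exit !f}' "$1"
}

update_zone() {
    ip=$(dig +short @"$RESOLVER" "$UPSTREAM" A | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1)
    [ -n "$ip" ] || { echo "could not resolve $UPSTREAM" >&2; return 1; }
    has_address "$ZONEFILE" "$ip" && return 0        # unchanged: nothing to do
    serial=$(next_serial "$(current_serial "$ZONEFILE")" "$(date +%Y%m%d)")
    tmp=$(mktemp)
    gen_zone "$ip" "$serial" > "$tmp"
    named-checkzone -q "$ZONE" "$tmp" || { rm -f "$tmp"; return 1; }   # veto bad zones
    chmod 644 "$tmp" && mv "$tmp" "$ZONEFILE" && rndc reload "$ZONE"   # named must read it
}
# From cron every few minutes: "sh nosslsync.sh run" (no argument = library mode).
case "${1:-}" in run) update_zone ;; esac
```

Because Google's short-TTL load balancing can hand out a different address on every lookup, the script only rewrites and reloads when the answer differs from what the zone already carries, so the serial moves only on real changes.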