On 9/24/10 11:12 PM, cpolish at surewest.net wrote: > On Fri, Sep 24, 2010 at 10:28:41PM +0200, Dotan Cohen wrote: >> On Fri, Sep 24, 2010 at 22:24, Alexander Dalloz<ad+lists at uni-x.org> wrote: >>> http://www.zytrax.com/books/dns/ >>> >>> That is a good source to read up about bind configuration. >>> >>> As a sidenote please be aware, that if someone directly queries your >>> ns1.exampleA.com for exampleB.com zone records he will get proper >>> answers. If you would need to prevent this for any reason you would need >>> a extended bind config design using views. >>> >>> While the zytrax book has lessons about views you can too find a resource in >>> >>> http://www.cymru.com/Documents/secure-bind-template.html >>> >> >> Wow, thank you! There is some good reading there, especially the >> security link. Lots of little holes to exploit! >> >> I will be up for the night! > > For completeness: there is the BIND 9 Administrator Reference Manual, > known as the ARM, usually supplied under /usr/share/doc/. > And what many consider to be the standard reference, Liu and Albitz's > "DNS and BIND" published by O'Reilly. I believe it's up to the > 5th edition now; an earlier edition used to be provided online. > If you're serious about learning DNS you ought to consider this book. Learning bind is sort of like learning sendmail though. They both do a million things you'll never need (and if you do you should probably change your design...). The trick - especially when you start with the full references - is to figure out the simple part you need to understand and ignore the rest. And when using distribution-packaged versions, most of what you need is already there. -- Les Mikesell lesmikesell at gmail.com