
Internal DNS only

How would I set up a DNS server on Netware 6.5 sp5 so that it will not
access external addresses and only answer internal queries? I need an
internal-only DNS server with no forwarding and no contacting outside
servers. Any help you can give me would be greatly appreciated. Thanks!

Re: Internal DNS only

aborn@bankdataservices.com wrote:
> How would I set up a DNS server on Netware 6.5 sp5 so that it will not
> access external addresses and only answer internal queries? I need an
> internal-only DNS server with no forwarding and no contacting outside
> servers. Any help you can give me would be greatly appreciated. Thanks!


Just set up the dns server and don't give it any forwarding ip's for
external servers to reference.

Re: Internal DNS only

> aborn@bankdataservices.com wrote:
> > How would I set up a DNS server on Netware 6.5 sp5 so that it will not
> > access external addresses and only answer internal queries? I need an
> > internal-only DNS server with no forwarding and no contacting outside
> > servers. Any help you can give me would be greatly appreciated. Thanks!
>
> Just set up the dns server and don't give it any forwarding ip's for
> external servers to reference.


Cool!! Thanks!

Re: Internal DNS only

In article <DUo8g.4692$U_.4492@prv-forum2.provo.novell.com>, Patrick
Farrell wrote:
> Just set up the dns server and don't give it any forwarding ip's for
> external servers to reference.
>

It will still contact the root servers for requests it cannot service.
Deleting the RootServerInfo zone causes its own set of problems, so in
addition to your suggestion, he could delete all but one server in that
zone, and change the address of the remaining one to point to... not
sure here... either 127.0.0.1 or a non-existent IP address -- I'm not
sure what the impact would be for either of these (this is a somewhat
unique request!)

bd
NSC Volunteer SysOp



Re: Internal DNS only

There is more... here is my reply to Patrick:

"It will still contact the root servers for requests it cannot service.
Deleting the RootServerInfo zone causes its own set of problems, so in
addition to your suggestion, he could delete all but one server in that
zone, and change the address of the remaining one to point to... not
sure here... either 127.0.0.1 or a non-existent IP address -- I'm not
sure what the impact would be for either of these (this is a somewhat
unique request!)."

bd
NSC Volunteer SysOp



Re: Internal DNS only

Brad Doster wrote:

> In article <DUo8g.4692$U_.4492@prv-forum2.provo.novell.com>, Patrick
> Farrell wrote:
>
> > Just set up the dns server and don't give it any forwarding ip's for
> > external servers to reference.
>
> It will still contact the root servers for requests it cannot service.
> Deleting the RootServerInfo zone causes its own set of problems, so in
> addition to your suggestion, he could delete all but one server in that
> zone, and change the address of the remaining one to point to... not
> sure here... either 127.0.0.1 or a non-existent IP address -- I'm not
> sure what the impact would be for either of these (this is a somewhat
> unique request!)
>
> bd
> NSC Volunteer SysOp
>
>


Really? That's news to me. Ok then firewall off outbound DNS requests
by that server...

Re: Internal DNS only

In article <nx59g.1025$3j4.417@prv-forum2.provo.novell.com>, Patrick
Farrell wrote:
> Ok then firewall off outbound DNS requests
> by that server...
>

Yep, that works too, although some folks object to the excessive DNS
entries in the FW logs.

bd
NSC Volunteer SysOp



Re: Internal DNS only

Brad Doster wrote:
> In article <nx59g.1025$3j4.417@prv-forum2.provo.novell.com>, Patrick
> Farrell wrote:
>
> > Ok then firewall off outbound DNS requests
> > by that server...
>
> Yep, that works too, although some folks object to the excessive DNS
> entries in the FW logs.
>
> bd
> NSC Volunteer SysOp
>
>


Ok, firewall off DNS and turn off logging for denied outbound packets
for DNS. 🙂

If you then still want to see DNS denials for everything else, create a
second DNS rule for everything else and turn on logging for that 🙂

I can do this with my WatchGuard Firebox, I imagine most other commercial
boxes will too. I'm guessing it's also possible with open sauce
implementations.
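A way to check the result the thread is after, as an added example that is not part of any poster's message: it sends one query for an internal name and one for an external name straight to the DNS server and reports whether each came back with answer records. The server address and both host names are placeholders (assumptions), to be replaced with real values.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Encode a recursion-desired A/IN query for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid=0x1234):
    """Return (rcode name, answer count) from a reply's 12-byte header."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a reply to our query")
    return RCODES.get(flags & 0x000F, str(flags & 0x000F)), ancount

def resolved(reply):
    """True if the server returned answer records; None means it timed out."""
    if reply is None:
        return False
    rcode, ancount = parse_reply(reply)
    return rcode == "NOERROR" and ancount > 0

def ask(server, name, timeout=5.0):
    """Send one UDP query to `server`; return raw reply bytes or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            return s.recvfrom(512)[0]
        except socket.timeout:
            return None

if __name__ == "__main__":
    SERVER = "192.0.2.53"                 # placeholder: the internal DNS server
    INTERNAL = "fileserver.corp.example"  # placeholder: a name in a zone it hosts
    EXTERNAL = "www.example.com"          # any name outside its zones
    ok_in = resolved(ask(SERVER, INTERNAL))
    ok_out = resolved(ask(SERVER, EXTERNAL))
    print("internal name answered:", ok_in)
    print("external name answered:", ok_out)
    raise SystemExit(0 if ok_in and not ok_out else 1)
```

An external name that still comes back answered means the server either reached an outside server or served the record from its cache, so repeat the check with a name it has not looked up before.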

Re: Internal DNS only

No argument here! 🙂

bd
NSC Volunteer SysOp

