Multiple domains and the single address blues

Post by FreeBSD Rock » Sat, 16 Oct 1999 04:00:00



Thank You Ahead of Time
Can someone point me in the right direction? I have one IP address and would
like to host multiple domain names. I am not quite clear on how to handle
named.conf or reverse. A guess:

named.conf:

zone "domain1.com" {
    type master;
    file "domain1.db";
};

zone "domain2.com" {
    type master;
    file "domain2.db";
};

zone "10.168.192.in-addr.arpa" {
    type master;
    file "192.168.10.db";
};

domain1.db    AND    domain2.db replacing all domain1's w/ a domain2

domain1.com.  IN    SOA etc...

              IN    NS    ns.domain1.com.
              IN    MX    100 border.domain1.com.
              IN    A     192.168.10.1

ns            IN    A     192.168.10.1
border        IN    A     192.168.10.1
mail          IN    CNAME border.domain1.com.
www           IN    CNAME border.domain1.com.

I am not sure what the reverse would be since the address is the same but
the host name is different. Do you just pick one hostname and go? Would
this not let a remote machine think it got a successful lookup?

 
 
 


Post by David Schwart » Sat, 16 Oct 1999 04:00:00


        Ideally, unless you have a good reason not to, just pick one host name
and stick with it. Make that host name resolve to your IP, and make your
IP resolve to that hostname. For additional hosts, just CNAME them to
the main host. This is the cleanest approach, and should be used unless
there's some overriding reason to do otherwise.

        DS

 
 
 


Post by Richard Cale » Sat, 16 Oct 1999 04:00:00


fr> I am not sure what the reverse would be since the address is the same but
fr> the host name is different. Do you just pick one hostname and go? Would
fr> this not let a remote machine think it got a successful lookup?

I think the only sane solution is to pick some neutral name for your
machine (services.your.domain, say) and set that up forward and reverse as
normal. Then you make CNAMEs for the other domain names.

The problem occurs only if someone does something like set up access
authorisation for some resource based on domain name. If they do the
reverse lookup they get the neutral name. This at least doesn't look
too much like a spoof to the humans you interact with. Since it's only
one machine it should be possible to persuade them to authenticate
that name rather than the specific name they think you are.

Hope that makes sense.

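The reverse-lookup question raised in the thread, as an added example that is not from any of the posters: a forward-confirmed reverse DNS check run over constructed records, showing why a name-based access rule has to list the neutral name rather than a CNAME, and why a bare PTR answer is not accepted on its own. The neutral name services.domain1.com and the second address 10.0.0.7 are assumptions made for the illustration.

```python
# Constructed records modelling the thread's setup: one address, one neutral
# canonical name (assumed here: services.domain1.com), CNAMEs for the rest.
A = {"services.domain1.com.": {"192.168.10.1"}}
CNAME = {
    "www.domain1.com.": "services.domain1.com.",
    "mail.domain1.com.": "services.domain1.com.",
    "www.domain2.com.": "services.domain1.com.",
}
PTR = {
    "1.10.168.192.in-addr.arpa.": ["services.domain1.com."],
    # Constructed foreign host whose reverse zone claims the same name;
    # nothing in the forward zone backs that claim.
    "7.0.0.10.in-addr.arpa.": ["services.domain1.com."],
}


def fqdn(name):
    """Normalise a name to lower case with a trailing dot."""
    return name.lower().rstrip(".") + "."


def forward(name, max_chain=8):
    """Follow CNAMEs to the A record set; empty set if none or a loop."""
    name = fqdn(name)
    for _ in range(max_chain):
        if name in A:
            return A[name]
        if name not in CNAME:
            return set()
        name = CNAME[name]
    return set()


def reverse(ip):
    """Return the PTR names for a dotted-quad IPv4 address."""
    owner = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    return [fqdn(n) for n in PTR.get(owner, [])]


def confirmed_names(ip):
    """Forward-confirmed reverse DNS: keep PTR names that map back to ip."""
    return [n for n in reverse(ip) if ip in forward(n)]


def client_allowed(ip, allowed_name):
    """Name-based access rule as a remote site would apply it."""
    return fqdn(allowed_name) in confirmed_names(ip)
```
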