[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: named setup problems



"Stephen J. Carpenter" <sjc@delphi.com> writes:
>then setup one of them so that it has no knowledge of any root servers and
>is the primary nameserver for the network...and list no other
>outside adresses or nameservers anywhere.

    I'm not sure I am completely understanding the issue that you are having.
    Are you planning to have the internal systems stay internal, and have the
    external system [spiderman] resolv off of the internet?

    What I would suggest is:

    1) Setup an internal root server on your linux box.
        All these zones would have an NS record pointing back to your linux
        box.
        - Have the typical "0.0.127.in-addr.arpa" that has a PTR for 
          "1" [.0.0.127.in-addr.arpa] to "localhost." 
        - Have the typical "localhost" domain that points to 127.0.0.1
        - Have a "carpanet" domain with A records for the names of your
          10.0.0 systems.
        - Have a 0.0.10.in-addr.arpa domain that has the PTRs for for your
          internal names.
        - [the important part] instead of a "." cache zone, you will want
          a "." primary zone, so that your internal server is authoritive
          for everything.  This should have the NS for your linux box.
          You could have all the above information in this zone, but it's
          a little cleaner to seperate it to seperate zones.  Now if any of
          your internal zones were being served off another system, you would
          want NS delegations for those zones to the other system [and glue
          A records if the name of the system is within the zone that it
          serves].

    2) Set up your Win95 system as a caching server with the typical root
       servers in the root hints file [the cache zone].  You _may_ also want
       to set it up as secondary to your internal zones [with your linux as
       primary] so that your Win95 nameserver can resolve things like 
       "shit-box.carpanet".

       If your using BIND 8, you may want to set the secondary zones with
       allow-query to just be your 10.0.0 subnet, so that there is no real
       concern that external requests to your server won't resolve your
       internal addresses... you may also want to setup allow-transfer on
       those zones to prevent remote systems from getting information about
       your internal network [like all the names and IP addresses, and all
       that.

    Another thing you could do is to have your PPP dialup change your
    config some.  Replace your root config file with a normal file that
    has the root server hints, and reload your server... then replace it
    back and reload when your connection closes.... but that would be a
    little more challenging.

    There are a lot of other things you can do with forwarding and forward
    servers, and forward-only servers and all that if the above wasn't really
    what you were looking for... let us know.

                                                    -Jeff


--  
Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null


Reply to: