RE: named setup problems
"Stephen J. Carpenter" <email@example.com> writes:
>then setup one of them so that it has no knowledge of any root servers and
>is the primary nameserver for the network...and list no other
>outside adresses or nameservers anywhere.
I'm not sure I am completely understanding the issue that you are having.
Are you planning to have the internal systems stay internal, and have the
external system [spiderman] resolv off of the internet?
What I would suggest is:
1) Setup an internal root server on your linux box.
All these zones would have an NS record pointing back to your linux
- Have the typical "0.0.127.in-addr.arpa" that has a PTR for
"1" [.0.0.127.in-addr.arpa] to "localhost."
- Have the typical "localhost" domain that points to 127.0.0.1
- Have a "carpanet" domain with A records for the names of your
- Have a 0.0.10.in-addr.arpa domain that has the PTRs for for your
- [the important part] instead of a "." cache zone, you will want
a "." primary zone, so that your internal server is authoritive
for everything. This should have the NS for your linux box.
You could have all the above information in this zone, but it's
a little cleaner to seperate it to seperate zones. Now if any of
your internal zones were being served off another system, you would
want NS delegations for those zones to the other system [and glue
A records if the name of the system is within the zone that it
2) Set up your Win95 system as a caching server with the typical root
servers in the root hints file [the cache zone]. You _may_ also want
to set it up as secondary to your internal zones [with your linux as
primary] so that your Win95 nameserver can resolve things like
If your using BIND 8, you may want to set the secondary zones with
allow-query to just be your 10.0.0 subnet, so that there is no real
concern that external requests to your server won't resolve your
internal addresses... you may also want to setup allow-transfer on
those zones to prevent remote systems from getting information about
your internal network [like all the names and IP addresses, and all
Another thing you could do is to have your PPP dialup change your
config some. Replace your root config file with a normal file that
has the root server hints, and reload your server... then replace it
back and reload when your connection closes.... but that would be a
little more challenging.
There are a lot of other things you can do with forwarding and forward
servers, and forward-only servers and all that if the above wasn't really
what you were looking for... let us know.
Unsubscribe? mail -s unsubscribe firstname.lastname@example.org < /dev/null