
Re: set up a LAN DNS so that it doesn't conflict with external DNSes



Jerome "Lacoste (Frisurf)" <lacostej@frisurf.no> writes:
> 
> My needs are the following:
> - from my LAN I want the address xxx.mydomain.com to resolve directly
> to our server (192.168.1.2).
> - I want all my former settings to work. I.e. www.mydomain.com resolves
> to the ISP located site.
> 
> I managed to do the first step. Unfortunately, my bind configuration
> made it so that I couldn't resolve www.mydomain.com anymore. Everything
> else (google, slashdot) resolves correctly.

You presumably made your local server authoritative for
"mydomain.com", and put an SOA record for "mydomain.com" and an A
record for "xxx.mydomain.com" in your zone file, but you didn't
include any records for "www.mydomain.com".

You have a few choices:

1.  You can keep doing things that way and manually duplicate the
address record your ISP has for "www.mydomain.com" in your own zone
file.  If your ISP changes the IP address out from under you, you'll
need to manually fix your own records.

2.  You can keep doing things that way and delegate the
"www.mydomain.com" domain to your ISP's name server using an NS record
on your local name server.  This is terrible DNS practice (because the
ISP's name server won't normally have an SOA record for
"www.mydomain.com"; instead, it'll have one for "mydomain.com" that
conflicts with the one *you* have), but that doesn't particularly
matter for an internal DNS server, and I believe things will work
correctly in this particular case.  No guarantee, though...

3.  You can make your local server authoritative for
"xxx.mydomain.com" instead of "mydomain.com" and include SOA and A
records for *that* domain name.  This will work fine unless you later
decide that there are lots of names at "mydomain.com" that you'd
rather have resolve to local hosts and "www.mydomain.com" is the only
exception.  Then, you either need a separate zone file for every such
host, or you need to switch to method 1 or 2.

> I tried to play with BIND's configuration through webmin, but I didn't
> make it work as expected. Worse, I broke my first working step.

I've never used "webmin" so I don't know what it botched up.  To
implement scheme (3) above, what you want is this.  In what follows,
I'm assuming that xxx.mydomain.com (192.168.1.2) is also the machine
running your local DNS service.



/etc/bind/named.conf:
[ . . . ]
// add entries for other zones below here

zone "xxx.mydomain.com" {
	type master;
	file "/etc/bind/db.xxx.mydomain.com";
};	// named.conf statements end with a semicolon, including after the closing brace




/etc/bind/db.xxx.mydomain.com:
$TTL	86400	; default TTL for records that carry none (BIND 9 expects this directive)
; authoritative for $ORIGIN xxx.mydomain.com

@		in	soa	@ hostmaster (
				20030217 ; Serial (bump it on every edit)
				28800	 ; refresh period (8 hours)
				7200	 ; retry interval (2 hours)
				604800	 ; expire time (7 days)
				86400 )	 ; negative TTL (1 day)
		in	ns	@	; name server for this zone: the host itself
		in	a	192.168.1.2	; address of xxx.mydomain.com on the LAN

-- 
Kevin <buhr@telus.net>
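An added example, not code from Kevin's post or from BIND: a small Python loader for the subset of master-file syntax his db.xxx.mydomain.com uses (';' comments, $TTL/$ORIGIN, '@', a parenthesised multi-line SOA, owner names inherited from the previous line), followed by a simulated authoritative lookup that shows why scheme (3) keeps www.mydomain.com working while a zone for the whole domain returns NXDOMAIN for it. The zone texts embedded below are constructed copies for the example; the $TTL line, the "mydomain.com" zone and the lookup logic are assumptions of the example, not something the post contains.

```python
"""Toy master-file loader for the zone layout discussed in the post above."""
from dataclasses import dataclass

CLASSES = {"in", "ch", "hs"}


@dataclass(frozen=True)
class RR:
    name: str        # owner name, fully qualified with trailing dot
    ttl: int
    rtype: str
    rdata: tuple


def _logical_lines(text):
    """Drop ';' comments and merge '( ... )' continuations into one line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]            # no quoted strings in this subset
        if depth == 0 and not line.strip():
            continue
        buf = [line] if depth == 0 else buf + [line.strip()]
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(" ".join(buf).replace("(", " ").replace(")", " "))
    return out


def qualify(name, origin):
    """Make a relative name absolute; '@' stands for the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def load_zone(text, origin, default_ttl=None):
    origin = origin if origin.endswith(".") else origin + "."
    records, last_owner = [], origin
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1]); continue
        if tokens[0] == "$ORIGIN":
            origin = qualify(tokens[1], origin); continue
        # A line that starts with whitespace inherits the previous owner name.
        owner = last_owner if line[0].isspace() else qualify(tokens.pop(0), origin)
        last_owner = owner
        ttl = default_ttl
        if tokens[0].isdigit():
            ttl = int(tokens.pop(0))
        if tokens[0].lower() in CLASSES:
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype == "SOA":   # mname rname serial refresh retry expire minimum
            rdata = (qualify(tokens[0], origin), qualify(tokens[1], origin),
                     *(int(t) for t in tokens[2:]))
            ttl = rdata[-1] if ttl is None else ttl   # old BIND fallback: SOA minimum
        elif rtype in ("NS", "CNAME"):
            rdata = (qualify(tokens[0], origin),)
        else:
            rdata = tuple(tokens)
        if ttl is None:
            raise ValueError(f"{owner} {rtype}: no TTL; add a $TTL line")
        records.append(RR(owner, ttl, rtype, rdata))
    return records


def answer(zones, qname):
    """Authoritative-only lookup of qname against zones (apex -> records).

    Returns ("recurse", None) when no local zone encloses the name,
    ("delegated", ns) when an NS below the apex hands it off,
    ("authoritative", [RR]) from our own data, or ("NXDOMAIN", None)."""
    qname = qname if qname.endswith(".") else qname + "."
    enclosing = [z for z in zones if qname == z or qname.endswith("." + z)]
    if not enclosing:
        return ("recurse", None)
    apex = max(enclosing, key=len)              # closest enclosing zone wins
    for rr in zones[apex]:
        if rr.rtype == "NS" and rr.name != apex and (qname == rr.name or qname.endswith("." + rr.name)):
            return ("delegated", rr.rdata[0])
    rrs = [rr for rr in zones[apex] if rr.name == qname]
    return ("authoritative", rrs) if rrs else ("NXDOMAIN", None)


# Constructed copy of the zone from the post, plus a $TTL line.
XXX_ZONE = """\
$TTL 86400
; authoritative for $ORIGIN xxx.mydomain.com
@		in	soa	@ hostmaster (
				20030217 ; Serial
				28800	 ; refresh period (8 hours)
				7200	 ; retry interval (2 hours)
				604800	 ; expire time (7 days)
				86400 )	 ; negative TTL (1 day)
		in	ns	@
		in	a	192.168.1.2
"""
# Constructed zone for the whole domain, the layout the original poster ended
# up with: xxx is present, www is not (hypothetical data, not from the post).
APEX_ZONE = """\
$TTL 86400
@	in	soa	xxx hostmaster ( 1 28800 7200 604800 86400 )
	in	ns	xxx
xxx	in	a	192.168.1.2
"""

if __name__ == "__main__":
    for apex, text in (("xxx.mydomain.com", XXX_ZONE), ("mydomain.com", APEX_ZONE)):
        zones = {apex + ".": load_zone(text, apex)}
        for q in ("xxx.mydomain.com", "www.mydomain.com", "www.google.com"):
            print(f"zone {apex:17} {q:17} -> {answer(zones, q)[0]}")
```

Running it prints that with the zone cut at xxx.mydomain.com both www.mydomain.com and www.google.com fall outside local data and go to normal recursion, whereas with a zone for mydomain.com the server is the authority for www.mydomain.com, holds no record for it, and answers NXDOMAIN. Scheme (2) appears in the same model as an NS record below the apex, which the lookup reports as a delegation.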
