
Re: set up a LAN DNS so that it doesn't conflict with external DNSes



At 2003-02-17T16:05:48Z, Jerome "Lacoste (Frisurf)" <lacostej@frisurf.no> writes:

> - from my LAN I want that the address xxx.mydomain.com resolves directly
> to our server (192.168.1.2).

Let's see if I have this straight.

For clients on the LAN, `xxx.mydomain.com' should resolve to 192.168.1.2.

For clients on the Internet, `xxx.mydomain.com' should resolve to your
public IP.

Is this correct?  Sorry if I'm having a bit of trouble understanding; this
cold medicine is not greatly conducive to lucidity.

If I understood correctly, you'll probably want to install BIND 9 and
configure separate `views' for the internal and external networks.

Here are some excerpts from my named.conf that does exactly this:

    acl "lan" {
            10.0.0.0/8;
    };

    view "private" {

        match-clients { "lan"; };
        recursion yes;

        zone "honeypot.net" {
            type master;
            file "internal/db.honeypot.net";
        };
    };


    view "public" {

        match-clients { any; };
        recursion no;

        zone "honeypot.net" {
            type master;
            file "external/db.honeypot.net";
        };
    };

The syntax is pretty straightforward.  Clients that match the "lan" acl get
results from "internal/db.honeypot.net", but everyone else gets results from
"external/db.honeypot.net".  I've used BIND's `$INCLUDE' directive to
simplify those zone files quite a bit.  Both start with:

    $TTL 86400
    @ IN     SOA    ( <snip> )
    $INCLUDE common/db.honeypot.net

which includes a file that has records that both internal and external
clients should get.  In your case, "common/db.mydomain.com" would have all
of the "shared" records.  It would resemble:

    $ORIGIN mydomain.com.
    www      IN         A       my.isp.public.ip

"internal/db.mydomain.com" would look like:

    $TTL 86400
    @ IN     SOA    ( <snip> )
    $INCLUDE common/db.mydomain.com
    xxx      IN         A       192.168.1.2

and "external/db.mydomain.com" would be similar to:

    $TTL 86400
    @ IN     SOA    ( <snip> )
    $INCLUDE common/db.mydomain.com
    xxx      IN         A       aaa.bbb.ccc.ddd

I hope this makes sense.  If it doesn't, please blame Alka Seltzer Cold &
Flu and don't think too harshly of me.
-- 
Kirk Strauser
In Googlis non est, ergo non est.
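A sanity check for the split-horizon layout described above, as an added example that is not part of the original post: it parses the internal and external zone files (following `$INCLUDE` and `$ORIGIN` the way the post's files use them), lists the names that deliberately resolve differently in the two views, and flags any RFC 1918 address that would be handed out to Internet clients. The zone file contents, the `intranet` record and the 203.0.113.10 stand-in for the ISP address are all constructed for this example.

```python
"""Split-horizon zone check (added example, not from the post): parse the
internal and external zone files, following $INCLUDE and $ORIGIN, and flag
RFC 1918 addresses that leak into the view served to the Internet."""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample files in the layout from the post; 203.0.113.x stands in
# for the ISP-assigned public address. The "intranet" record is a deliberate leak.
ZONE_FILES = {
    "common/db.mydomain.com": "$ORIGIN mydomain.com.\nwww  IN  A  203.0.113.10\n",
    "internal/db.mydomain.com": "$TTL 86400\n$INCLUDE common/db.mydomain.com\n"
                                "xxx  IN  A  192.168.1.2\n",
    "external/db.mydomain.com": "$TTL 86400\n$INCLUDE common/db.mydomain.com\n"
                                "xxx  IN  A  203.0.113.10\nintranet  IN  A  192.168.1.5\n",
}

def parse_zone(path, origin="mydomain.com."):
    """Return {fqdn: ip} for the A records in a zone file, recursing into
    $INCLUDE files. Only the subset of zone syntax used in the post is handled;
    the SOA line is left out here just as it is elided in the post."""
    records = {}
    for line in ZONE_FILES[path].splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif fields[0] == "$INCLUDE":
            # BIND restores $ORIGIN after an include, so pass it by value.
            records.update(parse_zone(fields[1], origin))
        elif len(fields) >= 4 and fields[1:3] == ["IN", "A"]:
            name = fields[0] if fields[0].endswith(".") else f"{fields[0]}.{origin}"
            records[name] = fields[3]
    return records

def leaked_private_records(path):
    """Names whose A record is an RFC 1918 address; for the external view
    anything returned here is LAN addressing exposed to the Internet."""
    return sorted(name for name, ip in parse_zone(path).items()
                  if any(ipaddress.ip_address(ip) in net for net in RFC1918))

def split_names(internal, external):
    """Names that resolve differently in the two views (the intended split)."""
    inside, outside = parse_zone(internal), parse_zone(external)
    return sorted(n for n in inside if outside.get(n) != inside[n])
```

Running `leaked_private_records("external/db.mydomain.com")` on these files reports only the constructed `intranet` leak, while `split_names` confirms that `xxx` is the one name that differs between views.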
