Re: DNS zone for internal net
In article <20030426150006$651e@gated-at.bofh.it>, moseley@hank.org wrote:
> I'm running Bind9 on the machine that is doing NAT for the internal LAN. It
> provides public DNS lookups for my public machines. Of course I don't want
> to add private IPs to the zone that lists the public IPs.
>
> I suppose one solution would be to create a subdomain and then add a zone
> for that subdomain (that only allowed DNS queries from the internal LAN).
> But then outgoing mail from the internal LAN might use the subdomain which.
>
> I'm sure this is a common setup with a better solution.
You want to use views.
An example (from my home network)....
You may want to adjust this further. The BIND 9 ARM has all the info you
need; you may also want to search the comp.protocols.dns.bind newsgroup
/ bind-users mailing list archives.
/etc/named.conf:
acl internal { 127.0.0.0/8; 192.168.168.0/23; };
acl dmz { 64.174.220.40/29; };

options {
    [....]
};

view "inside" {
    match-clients { internal; dmz; };
    recursion yes;

    zone "veggiechinese.net" {
        type master;
        file "internal/veggiechinese.net";
        allow-transfer { internal; dmz; };
    };

    zone "168.168.192.in-addr.arpa" {
        type master;
        file "internal/168.168.192.in-addr.arpa";
        allow-transfer { internal; dmz; };
    };

    zone "." {
        type hint;
        file "named.root";
    };

    [ snip other inside views ]
};

view "outside" {
    match-clients { any; };
    recursion no;

    zone "veggiechinese.net" {
        type master;
        file "external/veggiechinese.net";
    };

    zone "." {
        type hint;
        file "named.root";
    };

    [....]
};
--
No copies, please.
To reply privately, simply reply; don't remove anything.
Reply to:
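The split-horizon layout above has three classic failure modes: BIND evaluates views in order and the first `match-clients` hit wins, so a view matching `any` placed before the inside view shadows it; a view matching `any` that leaves `recursion` at BIND's default of `yes` is an open resolver; and pointing the outside view at the inside zone file leaks private addresses. The following added example (my own code, not from the post or from BIND) is a small linter for exactly those mistakes; it assumes a simplified named.conf syntax (statements, nested braces, quoted strings) and uses a constructed configuration in which the "outside" view is deliberately wrong.

```python
import re

# Constructed named.conf fragment in the post's layout; "outside" is deliberately wrong.
SAMPLE_CONF = '''
acl internal { 127.0.0.0/8; 192.168.168.0/23; };
view "inside" { match-clients { internal; }; recursion yes;
    zone "example.net" { type master; file "internal/example.net"; }; };
view "outside" { match-clients { any; };
    zone "example.net" { type master; file "internal/example.net"; }; };
view "late" { match-clients { internal; }; recursion no; };
'''

def parse(tokens, i=0):
    """Parse named.conf tokens into a list of (words, children) statements."""
    stmts, words = [], []
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if tok == '{':                       # start of a nested block
            children, i = parse(tokens, i)
            stmts.append((words, children)); words = []
        elif tok in '};':                    # end of statement or of block
            if words: stmts.append((words, []))
            words = []
            if tok == '}': return stmts, i
        else:
            words.append(tok.strip('"'))
    return stmts, i

def lint_views(conf):
    """First matching view wins: a view matching 'any' shadows every later view,
    must not recurse (BIND's default is recursion yes) and must not serve a file
    that an inside view uses for the same zone. Returns a list of findings."""
    tokens = re.findall(r'\{|\}|;|"[^"]*"|[^\s{};"]+', re.sub(r'//.*|#.*', '', conf))
    findings, any_view, inside_files = [], None, {}
    for words, body in parse(tokens)[0]:
        if words[:1] != ['view']: continue
        name, stmt = words[1], {w[0]: (w[1:], c) for w, c in body if w}
        clients = [w[0] for w, _ in stmt.get('match-clients', ([], []))[1] if w]
        zones = {w[1]: dict(x[:2] for x, _ in c if len(x) > 1)
                 for w, c in body if w[:1] == ['zone']}
        if any_view:
            findings.append(f'view "{name}" can never match: "{any_view}" matches any first')
        elif 'any' not in clients:          # remember which files the inside views serve
            for zone, opts in zones.items():
                inside_files.setdefault(zone, opts.get('file'))
        else:
            any_view = name
            if stmt.get('recursion', (['yes'], []))[0] == ['yes']:
                findings.append(f'view "{name}" is an open recursive resolver')
            for zone, opts in zones.items():
                if opts.get('file') and opts['file'] == inside_files.get(zone):
                    findings.append(f'view "{name}" serves inside file {opts["file"]} for {zone}')
    return findings
```

Running `lint_views(SAMPLE_CONF)` reports the open resolver, the leaked inside file and the unreachable "late" view; the post's own inside/outside pair, with separate internal/ and external/ files and `recursion no` outside, passes clean.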