Re: bind lan names verses real names

To: Moe Binkerman <moebinkerman@hotmail.com>
Cc: debian-user@lists.debian.org
Subject: Re: bind lan names verses real names
From: Bill Moseley <moseley@hank.org>
Date: Mon, 12 May 2003 07:53:12 -0700
Message-id: <[🔎] 20030512145312.GD13970@hank.org>
In-reply-to: <[🔎] BAY1-F95SbyxthLVgjR0000e788@hotmail.com>
References: <[🔎] BAY1-F95SbyxthLVgjR0000e788@hotmail.com>

On Mon, May 12, 2003 at 05:10:57AM -0400, Moe Binkerman wrote:
> 
> Here is my setup: I have 4 machines, on a lan, so I need local names. I'm 
> using the domain mylan.lan. So my desktop box is 192.168.1.10 and its name 
> is quasar.mylan.lan. The rest of my local box's have addresses 192.168.1.x 
> and *.mylan.lan names. I'm running bind on my desktop. Everything works 
> fine on the local lan.
> 
> one of my boxes, spider,  has a dsl connection to the internet, it NATs the 
> lan machines. I also have a real internet domain. I have the real domain 
> working fine, running bind on spider. My homepages, etc work from the 
> internet.
> 
> But I still have a problem, spider, can't get local names.

I have a similar setup, but I use the same domian name internally and externally.  You don't 
want external DNS lookups to find your internal machines (and report a non-routable 
192.168.1.x address).  Bind is running on my NAT box.

So (thanks to debian-user!) I setup bind with "views" which allows me to have one zone for 
external lookups and another for internal lookups.

So from outside my NAT'ed LAN:

   $dig @ns1.hank.org laptop.hank.org
   ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56735

But trying the same thing on the NAT box:

   $dig @ns1.hank.org laptop.hank.org
   ;; ANSWER SECTION:
   laptop.hank.org.        86400   IN      A       192.168.1.3

Here's the named.conf setup.  hank.org.internal looks just like hank.org, but includes the 
internal machines.

I'm no expert with Bind, so others may have better adviced.

acl mylan { 127.0.0.0/8; 192.168.0.0/24; 192.168.1.0/24; 63.205.225.170; };

view "internal" {
        match-clients { mylan; };
        recursion yes;
        notify no;
        include "/etc/bind/common_zones.inc";

        zone "hank.org" IN {
                type master;
                file "/etc/bind/hank.org.internal";
        };

        zone "1.168.192.in-addr.arpa" IN {
                type master;
                file "/etc/bind/db.192.168.1.x";
        };

};
view "external" {
        match-clients { any; };
        recursion no;
        allow-query { any; };
        notify yes;

        include "/etc/bind/common_zones.inc";

        zone "hank.org" IN {
                type master;
                file "/etc/bind/hank.org";
        };

};

I think it would have be a better design to allow limiting by client in the zone file -- 
then I wouldn't be maintaining duplicate records in two zone files.  I can see where they 
might get out of sync.  Perhaps there's a better way to manage that.

-- 
Bill Moseley
moseley@hank.org

Reply to:

References:
- bind lan names verses real names
  - From: "Moe Binkerman" <moebinkerman@hotmail.com>

Prev by Date: Re: Why are so many packages "held back?"
Next by Date: promise fasttrak 100 hardware-raid
Previous by thread: Re: bind lan names verses real names
Next by thread: Re: bind lan names verses real names
Index(es):
- Date
- Thread