Re: bind lan names verses real names

["Moe Binkerman" <moebinkerman@hotmail.com>]

This is interesting, I didn't realize you could do something like this. I've 
read part of the bind book, but I didn't get this far..... Thanks.


> From: Bill Moseley <moseley@hank.org>
> To: Moe Binkerman <moebinkerman@hotmail.com>
> CC: debian-user@lists.debian.org
> Subject: Re: bind lan names verses real names
> Date: Mon, 12 May 2003 07:53:12 -0700
>
> On Mon, May 12, 2003 at 05:10:57AM -0400, Moe Binkerman wrote:
> >
> > Here is my setup: I have 4 machines, on a lan, so I need local names. 
> I'm
> > using the domain mylan.lan. So my desktop box is 192.168.1.10 and its 
> name
> > is quasar.mylan.lan. The rest of my local box's have addresses 
> 192.168.1.x
> > and *.mylan.lan names. I'm running bind on my desktop. Everything works
> > fine on the local lan.
> >
> > one of my boxes, spider,  has a dsl connection to the internet, it NATs 
> the
> > lan machines. I also have a real internet domain. I have the real domain
> > working fine, running bind on spider. My homepages, etc work from the
> > internet.
> >
> > But I still have a problem, spider, can't get local names.
>
> I have a similar setup, but I use the same domian name internally and 
> externally.  You don't
> want external DNS lookups to find your internal machines (and report a 
> non-routable
> 192.168.1.x address).  Bind is running on my NAT box.
>
> So (thanks to debian-user!) I setup bind with "views" which allows me to 
> have one zone for
> external lookups and another for internal lookups.
>
> So from outside my NAT'ed LAN:
>
>    $dig @ns1.hank.org laptop.hank.org
>    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56735
>
> But trying the same thing on the NAT box:
>
>    $dig @ns1.hank.org laptop.hank.org
>    ;; ANSWER SECTION:
>    laptop.hank.org.        86400   IN      A       192.168.1.3
>
> Here's the named.conf setup.  hank.org.internal looks just like hank.org, 
> but includes the
> internal machines.
>
> I'm no expert with Bind, so others may have better adviced.
>
> acl mylan { 127.0.0.0/8; 192.168.0.0/24; 192.168.1.0/24; 63.205.225.170; };
>
> view "internal" {
>         match-clients { mylan; };
>         recursion yes;
>         notify no;
>         include "/etc/bind/common_zones.inc";
>
>         zone "hank.org" IN {
>                 type master;
>                 file "/etc/bind/hank.org.internal";
>         };
>
>         zone "1.168.192.in-addr.arpa" IN {
>                 type master;
>                 file "/etc/bind/db.192.168.1.x";
>         };
>
> };
> view "external" {
>         match-clients { any; };
>         recursion no;
>         allow-query { any; };
>         notify yes;
>
>         include "/etc/bind/common_zones.inc";
>
>         zone "hank.org" IN {
>                 type master;
>                 file "/etc/bind/hank.org";
>         };
>
> };
>
> I think it would have be a better design to allow limiting by client in the 
> zone file --
> then I wouldn't be maintaining duplicate records in two zone files.  I can 
> see where they
> might get out of sync.  Perhaps there's a better way to manage that.
>
>
>
> --
> Bill Moseley
> moseley@hank.org
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact 
> listmaster@lists.debian.org

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963