Caching-only nameserver for internal network

Michiel Kreutzer mkreutzer at my-deja.com
Thu Aug 19 09:30:48 UTC 1999


Hi,

I have a local, internal network (ip# 192.168.*.*) behind a firewall
running linux (RH 5.2). My ISP's nameserver is painstakingly slow, so I
have managed to set up a caching-only nameserver on the firewall, and
have made the necessary changes to both /etc/named.conf (uncomment the
"any port" line, forward first; forwarders {my_ISP_nameservers;}) and my
firewall script (allow dns communication with my ISP nameservers on port
53). It works wonderfully on the firewall itself (giving the
non-authoritative ip#'s on second nslookup, and successful ip#-to-hostname
lookups).

Now I want to use the firewall caching-only nameservers for all boxes
behind the firewall. These boxes have hostnames (host1, host2, etc.),
which are set up in /etc/hosts on the firewall, and I don't need, nor
want the firewall-nameserver for resolving names inside the intranet, as
I am quite happy with the way this is working now. I have not set up a
domainname for my intranet, and I wonder if I need to. Also, to what
domainnames am I restricted? I can guess linux.org would not be a good
choice, but I wonder if I can use something like home.intranet.

The problem I face now is that if I use firewall's ip-number as the only
nameserver for the other boxes, I cannot resolve any names. At least
nslookup does not work, both in ip#-to-hostname and hostname-to-ip#
mode.

I searched deja.com for help, but did not find any, except from setting
up a nameserver on a second, internal box. This I neither can nor want to do.
So, my basic question is: I want to use the caching-only nameserver on
my firewall to reduce the dns-traffic to the outside world as much as I
can, and use this nameserver not only for the firewall itself, but also
for the other boxes on the intranet. How can I set this up? I have read
the DNS-HOWTO, but that did not help me succeed.

Thanks beforehand for any input.
Michiel Kreutzer

--
M.T. Kreutzer



