Caching-only nameserver for internal network

Wilder, Donald Donald.Wilder at GSC.GTE.Com
Thu Aug 19 16:44:31 UTC 1999


Michael,

I would suggest that you set up one of your internal hosts the same as you
have for your firewall except have the forwarders on the internal DNS point
to your firewall DNS. Then have all your internal hosts put the internal DNS
server first in their resolv.conf.

This should work fine.

Donald E. Wilder
Disclaimer: The views expressed are the sole responsibility of the
sender and in no way reflect the official views of the GTE Corporation.
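The setup Donald describes, written out as an added example (not taken from either post). The addresses are assumed: the firewall's inside interface is 192.168.1.1, the internal nameserver box is 192.168.1.2, and the intranet is 192.168.0.0/16 as in Michiel's message.

```conf
// named.conf on the internal caching nameserver (added example, not from the thread).
// Assumed placeholders: 192.168.1.1 = firewall's inside address,
//                       192.168.1.2 = this host's own address.
acl "internal" { 192.168.0.0/16; 127.0.0.1; };

options {
    directory "/var/named";

    // Same forwarding setup as on the firewall, but forwarding to the
    // firewall's caching nameserver instead of the ISP's servers.
    forward first;
    forwarders { 192.168.1.1; };

    // Answer intranet hosts only: nobody outside 192.168/16 can use this
    // box as a resolver, and it only listens on the inside interface.
    allow-query { "internal"; };
    listen-on { 127.0.0.1; 192.168.1.2; };
};

// Root hints, used only if a forwarder does not answer.
zone "." {
    type hint;
    file "named.ca";
};

// /etc/resolv.conf on every other intranet box: internal server first,
// firewall's caching server as the fallback.
//
//   search home.intranet
//   nameserver 192.168.1.2
//   nameserver 192.168.1.1
```

If the firewall script only passes port 53 from the firewall itself to the ISP, use `forward only;` instead of `forward first;`, since the internal box cannot reach the root servers on its own anyway.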

-----Original Message-----
From: Michiel Kreutzer [mailto:mkreutzer at my-deja.com]
Sent: Thursday, August 19, 1999 5:31 AM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Caching-only nameserver for internal network


Hi,

I have a local, internal network (ip# 192.168.*.*) behind a firewall
running linux (RH 5.2). My ISP's nameserver is painstakingly slow, so I
have managed to set up a caching only nameserver on the firewall, and
have made the necessary changes to both /etc/named.conf (uncomment the
"any port" line, forward first; forwarders {my_ISP_nameservers;}) and my
firewall script (allow dns communication with my ISP nameservers on port
53). It works wonderfully on the firewall itself (giving the
non-authoritative ip#'s on second nslookup, and successful ip#-to-hostname
lookups).

Now I want to use the firewall caching-only nameserver for all boxes
behind the firewall. These boxes have hostnames (host1, host2, etc.),
which are set up in /etc/hosts on the firewall, and I don't need, nor
want the firewall-nameserver for resolving names inside the intranet, as
I am quite happy with the way this is working now. I have not set up a
domainname for my intranet, and I wonder if I need to. Also, to what
domainnames am I restricted? I can guess linux.org would not be a good
choice, but I wonder if I can use something like home.intranet.

The problem I face now is that if I use firewall's ip-number as the only
nameserver for the other boxes, I cannot resolve any names. At least
nslookup does not work, both in ip#-to-hostname and hostname-to-ip#
mode.

I searched deja.com for help, but did not find any, except for setting
up a nameserver on a second, internal box. This I cannot, nor want to, do.
So, my basic question is: I want to use the caching-only nameserver on
my firewall to reduce the dns-traffic to the outside world as much as I
can, and use this nameserver not only for the firewall itself, but also
for the other boxes on the intranet. How can I set this up? I have read
the DNS-HOWTO, but that did not help me succeed.

Thanks beforehand for any input.
Michiel Kreutzer

--
M.T. Kreutzer

