Public / Private zones - assistance please

joseph lang tcnojl1 at earthlink.net
Thu Mar 2 22:14:35 UTC 2000


Bruce Schuck wrote:
> 
> I'm having a problem figuring out how to set up DNS to accommodate my
> network.
> 
> The company until recently has not been on the internet.  But when I was
> setting up an internal LAN/WAN, I used the private 10.0.0.0 network so
> I wouldn't have to worry about renumbering when we finally did connect
> to the internet.  And now that time has come.
> 
> The internal and external networks are separated by a Cisco 2611
> router which will be doing NAT for IPs behind my firewall. One
> ethernet interface connects to my private 10. network, the other to
> the public subnet. I've had an internal DNS server that was working
> perfectly for what I needed it for. All my machines are of course
> named ???.mydomain.com.  However I am now adding things like
> www.mydomain.com, smtp.mydomain.com, etc.  But a few of the machines
> outside the firewall need to be able to resolve the internal machines
> for the purpose of forwarding mail and being able to log in from the
> internet (ssh to public machine, then telnet (or even ssh again) to
> internal machines).
> 
> Can I have two DNS servers as primary masters for the .mydomain.com
> zone?  The examples in the O'Reilly book use a machine with two
> interfaces, so I couldn't see how to apply the info to what I am
> trying to do.  Plus, the machine outside the firewall shouldn't
> advertise the 10. machines to the outside world.
> 
> Bruce S.
The way I chose to deal with this problem is to run
two independent DNS servers. Inside includes all the
internal hosts and any external hosts in my domain.
The outside DNS only includes internet-addressed hosts.

Both DNS servers are configured as primary and know
nothing about the other.
Hosts on the INTERNET use the outside servers.
Hosts on the inside network only use the inside servers.
Inside DNS servers can query DNS root servers through the
firewall (in your case the NAT router), with UDP/TCP port 53 open.

joe lang
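The two-primary split Joe describes, as an added example (not code from the thread or from BIND): one host inventory is split into an inside zone that lists every host and an outside zone that lists only the internet-addressed ones, and the outside zone is checked for leaked RFC 1918 addresses before it is loaded on the public server. The host names, the 10.1.1.x and 192.0.2.x addresses (RFC 5737 documentation space standing in for the public subnet), the serial and the name-server names are all constructed for the example; only the domain name mydomain.com comes from the thread.

```python
"""Generate the inside and outside zone files for a split-DNS setup.

Added example, not from the original thread. The inside server's zone
carries every host in the domain (10.x and public); the outside server's
zone carries only hosts with routable addresses, so the public server never
learns the 10. machines at all. All hosts and addresses below are constructed.
"""
import ipaddress

DOMAIN = "mydomain.com"   # placeholder domain used in the thread
TTL = 3600

# Constructed inventory: (hostname, IPv4 address). 10.1.1.x stands for the
# private LAN, 192.0.2.x for the public subnet in front of the NAT router.
HOSTS = [
    ("ns-int", "10.1.1.2"),
    ("mailhub", "10.1.1.20"),
    ("fileserver", "10.1.1.30"),
    ("ns-ext", "192.0.2.2"),
    ("www", "192.0.2.10"),
    ("smtp", "192.0.2.11"),
]

# RFC 1918 ranges, checked explicitly rather than via ip_address.is_private,
# which also flags documentation and other special-purpose blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    """True if addr falls in RFC 1918 private space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def split_zone(hosts):
    """Return (inside, outside) record lists.

    Inside gets every host; outside gets only hosts with public addresses.
    """
    inside = list(hosts)
    outside = [(name, addr) for name, addr in hosts if not is_internal(addr)]
    return inside, outside


def render_zone(records, primary_ns, serial, domain=DOMAIN):
    """Render a minimal BIND zone file: SOA, one NS record, then A records."""
    lines = [
        f"$TTL {TTL}",
        f"$ORIGIN {domain}.",
        f"@ IN SOA {primary_ns}.{domain}. hostmaster.{domain}. ("
        f" {serial} 3600 900 604800 {TTL} )",
        f"@ IN NS {primary_ns}.{domain}.",
    ]
    lines += [f"{name} IN A {addr}" for name, addr in records]
    return "\n".join(lines) + "\n"


def leaked_internal(zone_text):
    """List (name, address) pairs in a rendered zone that use private space.

    Run this against the outside zone before loading it on the public
    server: a non-empty result means internal hosts would be advertised.
    """
    leaks = []
    for line in zone_text.splitlines():
        fields = line.split()
        if (len(fields) == 4 and fields[1:3] == ["IN", "A"]
                and is_internal(fields[3])):
            leaks.append((fields[0], fields[3]))
    return leaks


def build_zones(hosts=HOSTS, serial=2000030201):
    """Produce both zone texts and refuse the outside one if it leaks."""
    inside, outside = split_zone(hosts)
    inside_zone = render_zone(inside, "ns-int", serial)
    outside_zone = render_zone(outside, "ns-ext", serial)
    if leaked_internal(outside_zone):
        raise ValueError("outside zone contains RFC 1918 addresses")
    return inside_zone, outside_zone


if __name__ == "__main__":
    inside_zone, outside_zone = build_zones()
    print("=== inside zone (loaded on ns-int only) ===\n" + inside_zone)
    print("=== outside zone (loaded on ns-ext only) ===\n" + outside_zone)
```

Each server loads only its own file as a primary, which is what keeps the two from knowing about each other. The leak check is the part worth keeping in a deployment script: the outside zone is the one that must never name a 10. host, and it is easy to copy the wrong file to the public box.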


