Public / Private zones - assistance please

Bruce Schuck bschuck at asgard-systems.com
Thu Mar 2 23:09:55 UTC 2000


joseph lang wrote:

> The way I chose to deal with this problem is to run
> two independent DNS servers. Inside includes all the
> internal hosts and any external hosts in my domain.
> The outside DNS only includes internet addressed hosts.

> both DNS servers are configured as primary and know
> nothing about the other.
> hosts on the INTERNET use the outside servers
> hosts on the inside network only use the inside servers.
> inside DNS servers can query DNS root servers through the
> firewall. (In your case NAT router).(UDP/TCP port 53 open)

Joe,

Thanks for the quick response, but here's the dilemma I am trying
to solve.  Having two servers, where the outside server knows nothing of
the internal 10.0.0.0 network, doesn't cut the mustard.

I now have an internet email server.  Call it smtp.mydomain.com.  It
also happens to be the external DNS server.  But I have two machines
inside the firewall from which users will really get and send their
email.  Call them mail1.mydomain.com and mail2.mydomain.com.  For
argument's sake, they have IP addresses of 10.10.10.10 and 10.10.20.10
respectively.  Now these are behind the firewall and therefore I don't
need their names to be advertised to the internet in general, but I
need the internet email server to be able to look them up for
forwarding mail inside my domain.

=snippet of /etc/aliases on smtp.mydomain.com (internet/public)=
bschuck:	bschuck@mail1.mydomain.com
user2:		user2@mail2.mydomain.com

Since my internal DNS server contains data for the outside hosts, I am
using fetchmail to bring the email in for users who need it. And I
relay all outgoing email through the internet email host. But I would
rather not do it this way, at least I want to not use fetchmail.

Bruce Schuck
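The split-horizon setup Bruce is asking for, written out as a BIND 9 "view" configuration. This is an added example, not part of the original thread or of anyone's posted configuration, and it assumes BIND 9 (views do not exist in BIND 8); the public address 192.0.2.25 for smtp.mydomain.com and the zone file names are placeholders. The point is that one name server answers two different versions of mydomain.com: internal clients, and the public SMTP relay specifically, see a zone that includes mail1 and mail2 with their 10.x addresses, while everyone else on the internet sees a zone that carries only the publicly reachable hosts, so the RFC 1918 addresses are never published.

```conf
// named.conf (BIND 9 assumed). Views are tried in order; the first
// view whose match-clients matches the querying address answers.
// Once views are used, every zone must live inside a view.

acl "trusted" {
    10.0.0.0/8;        // the internal network behind the firewall
    192.0.2.25/32;     // smtp.mydomain.com's public address (placeholder);
                       // this is what lets the relay resolve mail1/mail2.
    127.0.0.1;
};

options {
    directory "/var/named";
    // Only trusted clients may use this server as a recursive resolver;
    // answering recursive queries for the whole internet makes it an
    // open resolver.
    allow-recursion { trusted; };
};

view "internal" {
    match-clients { trusted; };
    recursion yes;

    // Root hints are needed here because this view recurses for
    // internal clients (through the firewall/NAT on port 53).
    zone "." {
        type hint;
        file "named.ca";
    };

    // Internal copy of the zone: all public hosts (smtp, www, the MX)
    // PLUS the internal ones, e.g.
    //   mail1   IN A 10.10.10.10
    //   mail2   IN A 10.10.20.10
    zone "mydomain.com" {
        type master;
        file "internal/mydomain.com.zone";
    };

    // Reverse zone for the private range, internal view only.
    zone "10.in-addr.arpa" {
        type master;
        file "internal/10.in-addr.arpa.zone";
    };
};

view "external" {
    match-clients { any; };   // everyone not matched above
    recursion no;             // authoritative answers only

    // Public copy of the zone: smtp, www, MX records and nothing else.
    // No 10.x addresses appear in this file.
    zone "mydomain.com" {
        type master;
        file "external/mydomain.com.zone";
    };
};
```

Two things to check after loading this. First, the relay must actually fall into the "internal" view: its /etc/resolv.conf should point at this server and its public source address must be in the "trusted" ACL, otherwise `mail1.mydomain.com` in /etc/aliases will not resolve and mail will bounce. Second, confirm the split from both sides: a `dig mail1.mydomain.com` from an untrusted internet address should return NXDOMAIN, while the same query from the relay or from inside should return 10.10.10.10. If an outside query ever returns a 10.x address, the ACL is too wide and the internal view is leaking.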
