BIND 8 forwarding question

Marc.Thach at radianz.com Marc.Thach at radianz.com
Mon Oct 29 12:37:40 UTC 2001



Ron,
The DNS stuff you suggest is fine, a standard caching DNS with the addition
of mycompany.com as a forward zone will do the trick. You may have some
trouble with routing.  I guess that if you want to forward DNS from the RH
box back through your W2k and up the tunnel, then that may be do-able
depending on your VPN client (the client may not allow it).  However, you
will need a route back into the tunnel at the other end.  So you may have
to run your home network within your office addressing scheme and get an
appropriate route added there.  Alternatively or if this is not possible,
you may be able to masquerade to the IP of your VPN interface within the
W2k.  That sounds pretty scary, but you might be able to run some Windows
line-sharing program to do this.  It depends upon the transparency of your
VPN IP interface.  It may also be possible to run the tunnel endpoint on
the RH server instead, I don't know what's available in this sphere.
rgds
Marc TXK



                                                                                                                     
                    lmnr0026 at tm1.at                                                                                  
                    (Ron Lyman)            To:     comp-protocols-dns-bind at moderators.isc.org                        
                    Sent by:               cc:                                                                       
                    bind-users-boun        Subject:     Re: BIND 8 forwarding question                               
                    ce at isc.org                                                                                       
                                                                                                                     
                                                                                                                     
                    27/10/2001                                                                                       
                    20:10                                                                                            
                                                                                                                     
                                                                                                                     





Marc.Thach at radianz.com wrote in message
news:<9q3pkm$22r at pub3.rc.vix.com>...
> Paul,
> Show us your db.cache, you show me yours, and I'll show you mine :-)
> I for one am pretty confused about what you are trying to acheive here.
> rgds
> Marc TXK

You are confused, I am very interested.  This is starting to look like
a possible solution for me.

In the role of 'end-user', I have set up a VPN connection on my Win2K
box at home to connect to work, via a cable (@Home) internet
connection.  Works fairly well, with only two problems.
1 - the routing table is modified, so I change it back the way I want
with default gw being to the Internet (192.168.1.1) and adding a route
to the office LAN via the VPN interface (dynamic).  I'll script this
or something eventually.
2 - The one I need help with - DNS querys are resolved using the
primary DNS of the NIC.  So, public ip resolution works fine, but not
private.  Sure I could list the private server as primary but
  a) all requests would go there and I don't want that and
  b) there will be a timeout delay if the VPN connection is down.

So.  I have a box here I'm about to feed with linux redhat 7.2 to
'play' with.  I'm wondering if I can run BIND here configured such
that requests for *.mycompany.com are resolved by the private server
and all others go to my ISP's public DNS.  Then the machines on my
home LAN will have 192.168.1.2 as the primary DNS server.  I'm
thinking "routing table for DNS servers".  :)

I'm not a total newbie, but this DNS issue is a little beyond me at
the moment.  If y'all have any ideas to help me out, I'll appreciate
them.  (Or I'll spend a few more hours sifting through the archives,
and HOWTOs, etc.)

TIA,
Ron Lyman  [ ron (at) linux (dot) ca ]







More information about the bind-users mailing list