DNS setup question

Kevin Darcy kcd at daimlerchrysler.com
Wed Aug 28 21:39:12 UTC 2002


BigB wrote:

> Thanks for the information.
>
> It seems the layout should look something like this:
>
>                 |
>         cable modem
>                 |
>                 |
>                 hub
>                 |
>         --------------------------------------------------
>         |               |               |               |
>         DNS 1           DNS 2           FTP svr         HTTP svr
>         static IP1      static IP2      192.168.1.2     192.168.1.3
>
> Is this right?

So you're eliminating the Linksys from the equation? In that case,
a) you'll need to harden all of the boxes since they are now exposed to
the raw Internet, b) in the absence of NAT, you won't be able to use the
private 192.168/16 range, so you'll have to get static _public_ IPs for
those nodes, or re-introduce the Linksys or some other NAT'ting device to
run in parallel with the DNS servers (as opposed to in front of them,
like you had it before).

Note that your hub and your cable modem are Single Points of Failure for
DNS in this setup. So I'd only recommend this if you had somebody else
off-site slaving your zone(s).

> DNS 1 and 2 would listen on port 53, resolve the addresses and then
> "send" the request to the http or ftp server?

Um, no. The DNS servers would resolve the name to an address and then the
Internet clients who queried that name would access the FTP or
HTTP servers directly. DNS is just a lookup service; it doesn't do any
routing or NAT'ting.

> Oh, BTW, where would my Linksys router/VPN endpoint fit if I wanted to
> use it for NAT on my personal box or is it for a VPN endpoint?

I'm not sure I understand the relevance of VPN here. The only VPN I'm
familiar with is IPSEC-based VPN, and as long as you have IPSEC
Pass-Through set on your Linksys, it works just fine.

As for NAT, you could NAT any number of servers (within reason :-) behind
your Linksys, as long as they are differentiated by port numbers. For
instance, you could forward port 20 and port 21 to your FTP server, and
port 80 and port 443 (if you use SSL) to your HTTP server. What the
Linksys cannot do, however, is differentiate internal servers by
IP address, since it can have only 1 WAN IP address (according to the
documentation, and in my experience).


- Kevin
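As an added illustration (this is not part of Kevin's reply and not BigB's actual configuration), here is what a BIND zone for a hypothetical example.com would look like under the NAT layout Kevin describes: two on-site authoritative servers on static public addresses, an off-site secondary so the hub and cable modem are not the only path to the zone, and the FTP and HTTP names both resolving to the Linksys's single WAN address, with the router's port forwards choosing the internal host. Every address and hostname below is a placeholder (documentation ranges); only the 192.168.1.2 / 192.168.1.3 internal addresses in the comments come from the thread.

```zone
; Added example zone (not from the original thread). All addresses and
; hostnames are placeholders; adjust to the real static IPs and WAN address.
$TTL 86400
$ORIGIN example.com.
@       IN  SOA  ns1.example.com. hostmaster.example.com. (
                 2002082801 ; serial (YYYYMMDDnn)
                 3600       ; refresh
                 900        ; retry
                 1209600    ; expire
                 3600 )     ; negative-cache TTL

; Authoritative servers: DNS 1 and DNS 2 on-site, plus an off-site secondary
; that slaves the zone, so the on-site hub and cable modem are not single
; points of failure for name resolution.
        IN  NS   ns1.example.com.
        IN  NS   ns2.example.com.
        IN  NS   ns.offsite-secondary.example.net.   ; placeholder off-site slave

ns1     IN  A    192.0.2.10      ; placeholder for "static IP1"
ns2     IN  A    192.0.2.11      ; placeholder for "static IP2"

; With NAT there is only one WAN address, so both service names resolve to
; it. The Linksys port forwards (20/21 -> 192.168.1.2, 80/443 -> 192.168.1.3)
; select the internal host; DNS only maps names to addresses and clients
; then connect to that address directly.
ftp     IN  A    192.0.2.12      ; placeholder for the Linksys WAN address
www     IN  A    192.0.2.12
```

If the Linksys is removed and every host gets a public address instead, only the last two records change: `ftp` and `www` point at the FTP and HTTP servers' own public addresses, and the port-forward comment no longer applies. The off-site NS record is the part Kevin says makes the hub-and-cable-modem layout acceptable, so it should be present in either variant.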