I'm a little confused

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 7 00:38:57 UTC 2002


Jack wrote:

> I have an Internet domain name registered ( yankeeboysoftware.com )
> I have managed to get BIND configured in such a way as to resolve for
> example my smtp server, http server, DNS server (duh !) etc.
>
> The problem I am having is in understanding WHAT needs to be done to
> allow my local lan ( 5 machines on 10.0.0.X netmask 255.255.255.0 ) to
> be serviced by this same name server.
>
> Please help
>
> Also I would like ( not required but would be nice ) to do this via
> WebMin so if you happen to also know the procedure using that GREAT
> free tool, any help in that regard is also appreciated.

To get your clients to use the nameserver should be rather trivial: just
point the client resolvers at the nameserver's address. It should also be
rather trivial for the clients to resolve the names of any of your
HTTP/SMTP/etc. servers which are outside of your NAT, since in that case
they'll be using the public addresses of those servers, i.e. no different
from accessing daimlerchrysler.com or any other Internet website or mail
target.

I'm guessing that you're running into trouble because at least some of
your HTTP/SMTP/etc. servers are located *inside* of your NAT, and your
NAT device doesn't support a "double-NAT", i.e. from an inside device to
an external address, translated or port-forwarded back to an internal
address again.

The most elegant solution to that problem is to configure your nameserver
(assuming it's running BIND 9) with "view"s so that it can resolve the
names of your HTTP/SMTP/etc. servers to public addresses for external
clients, and to private addresses for internal clients. Note, however,
that this will require you to maintain 2 different versions of the same
zone(s). If some of your servers are inside, and some outside, then you
could put the names of the outside servers in a file which could be
$INCLUDE'd into both zonefiles.

Sorry, I can't help you with Webmin since I've never used it. I'm not
sure it even handles "view"s.


- Kevin
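The "view" setup described in the reply above, sketched as an added example that is not part of the original post. The zone name example.com, the 192.0.2.x public addresses, the host names, the serial and the file paths are all constructed placeholders; only the 10.0.0.0/24 LAN range comes from the question.

```conf
// ===== named.conf (fragment, BIND 9) =====
acl "lan" { 10.0.0.0/24; localhost; };   // LAN range from the question

view "internal" {
    match-clients { "lan"; };     // views are tried in order; first match wins
    recursion yes;                // LAN clients may resolve Internet names
    zone "example.com" {
        type master;
        file "internal/db.example.com";
    };
};

view "external" {
    match-clients { any; };       // every client that did not match "internal"
    recursion no;                 // authoritative answers only for outsiders
    zone "example.com" {
        type master;
        file "external/db.example.com";
    };
};
// Once any view is defined, every zone statement must sit inside a view.

; ===== internal/db.example.com (served to the LAN) =====
$TTL 3600
@     IN SOA ns1.example.com. hostmaster.example.com. (
             2002110701 3600 900 604800 3600 )
      IN NS  ns1.example.com.
      IN MX  10 mail.example.com.
ns1   IN A   10.0.0.2        ; private addresses of servers behind the NAT
www   IN A   10.0.0.10
mail  IN A   10.0.0.11
$INCLUDE shared/outside-hosts.inc

; ===== external/db.example.com (served to the Internet) =====
$TTL 3600
@     IN SOA ns1.example.com. hostmaster.example.com. (
             2002110701 3600 900 604800 3600 )
      IN NS  ns1.example.com.
      IN MX  10 mail.example.com.
ns1   IN A   192.0.2.1       ; public address that the NAT forwards inward
www   IN A   192.0.2.1
mail  IN A   192.0.2.1
$INCLUDE shared/outside-hosts.inc

; ===== shared/outside-hosts.inc (servers outside the NAT, same in both views) =====
ftp   IN A   192.0.2.20
```

Keeping the private 10.0.0.x records in the internal view only means external clients never see the LAN addressing, and `recursion no` in the external view keeps the server from acting as an open resolver.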



