Setting up DNS
kcd at daimlerchrysler.com
Fri Oct 11 23:53:05 UTC 2002
Marcelo Rizzo wrote:
> I am trying to set up a machine as a secondary DNS server. The primary
> is offsite and not connected to my internal network.
> My problem is that I am behind a NAT firewall with a private IP.
> I have a machine set up with DNS to serve the internal network and it
> is working properly. But, I can't quite figure out how to set it up to
> serve both internal and external DNS queries.
> I read several articles on the matter and the more I read them the more
> I get confused.
> Please help.
Do you expect to have this nameserver serve private addresses up to your
internal clients while at the same time, for each of those same names,
serving up public addresses to the Internet? If so, then what you need is
logically 2 nameservers and a "split namespace". Now, you can accommodate
the 2-logical-nameserver requirement by either a) having a separate box
run DNS, b) having 2 "named" instances running on the same box, each
listening to different interfaces (you can use virtual interfaces for
this if you want) or c) use the "view" capability of BIND 9 to give
different answers to different clients depending on their source address
(i.e. in your case you'd serve up the "public" version to any query with
a source address of your NAT firewall, and the "private" version to
anything else on your private network). Regardless of what option you
choose, you'll need to maintain 2 different versions -- "public" versus
"private" -- of your own zone(s).
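
Option (c) from the reply above, sketched as a BIND 9 named.conf. This is an added example, not part of the original post. The zone name, all addresses, the directory and the file names are placeholders, and it assumes that queries from the Internet reach the server with the NAT firewall's inside address as their source and that the public copy is transferred from the offsite primary.

```conf
// Constructed example: every address, name and path here is a placeholder.
acl "nat-firewall" { 192.168.1.1; };            // inside address of the NAT firewall (assumed)
acl "internal-net" { 192.168.1.0/24; 127.0.0.1; };

options {
    directory "/var/named";
};

// Views are tried in order and the first match wins, so the firewall's
// address is tested before the wider internal network that contains it.
view "public" {
    match-clients { "nat-firewall"; };
    recursion no;                               // Internet clients get authoritative answers only
    zone "example.com" {
        type slave;
        masters { 192.0.2.53; };                // offsite primary (placeholder address)
        file "public/example.com.db";           // public-address version of the zone
    };
};

view "private" {
    match-clients { "internal-net"; };
    recursion yes;                              // internal clients may resolve outside names
    zone "example.com" {
        type master;
        file "private/example.com.db";          // private-address version of the same zone
    };
    zone "." {
        type hint;
        file "named.ca";                        // root hints file (placeholder name)
    };
};
// Once any view is defined, every zone statement must sit inside a view.
```

Keeping recursion off in the public view stops the server from acting as an open resolver for anything arriving through the firewall.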