newbee questions....

Kevin Darcy kcd at daimlerchrysler.com
Wed Oct 30 00:36:58 UTC 2002


thefluiddruid wrote:

> "Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
> news:apkvmk$1nts$1 at isrv4.isc.org...
>
> > You should definitely not publish a 192.168.*.* address on the Internet
> > (that's a "private" address range, see RFC 1918 for details). What you
> > publish to the Internet via DNS *must* be the WAN address of your Linksys,
> > and then you need to configure the Linksys to forward the appropriate
> > port(s) (most likely 80 and possibly also 443) to your internal server.
>
> Ok, so the above applies to my host file??
> Then the webserver box itself is done by the zone files??
> If so does that mean that the zone files should use my lan address or my
> localhost address??
> Sorry I'm a little dense..
>
> Mike
>
> > For the webserver box itself, you could use either 127.0.0.1 (assuming the
> > web server is configured to listen to loopback) or the LAN address in your
> > /etc/hosts, but you'd also have to configure /etc/nsswitch.conf (or the
> > equivalent) to search /etc/hosts ahead of DNS. Otherwise any client
> > program will find the WAN address first and try to use it.
> >
> > If you have any LAN client boxes, or plan to have any in the future, you
> > also might want to look into "split DNS", where your nameserver serves up
> > different addresses to internal clients than it does to external clients
> > (note that implementing split DNS would obviate the /etc/hosts ugliness on
> > your server boxes too). Searching for that phrase in the archives of this
> > mailing list should get you plenty of hits; seems like this question gets
> > asked and answered multiple times a week (mostly answers to Linksys
> > owners' questions, I think :-).

The public (WAN) address needs to be published via DNS if you want Internet
users to get to it. You'll also need to set up port forwarding on your Linksys.

If you want the webserver to be able to resolve its own name *differently* from
what is in the public DNS, then either a) you need to implement "split DNS" and
have the webserver (and any other LAN nodes you may have) use the
"internal" side of the split to resolve the webserver name, or b) have the
webserver (and any other LAN nodes) use some other, non-DNS method of resolving
names, e.g. /etc/hosts files.

In either case, I'd recommend having the webserver's name resolve to its
LAN address in your "internal" namespace. Having it resolve to 127.0.0.1 would
probably be too confusing.


- Kevin
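
The following is an added example, not part of the original post: a small check over the two sides of a split DNS setup as described above, flagging RFC 1918 or loopback addresses in the externally served zone and listing the names that resolve differently per side. The zone contents, the `example.com` name, all addresses and the function names are constructed assumptions, and the parser only handles simple one-line A records.

```python
import ipaddress

# Constructed sample data: names and addresses are illustrative, not from the post.
EXTERNAL_ZONE = """\
$ORIGIN example.com.
@     IN SOA ns1 hostmaster 2002103001 3600 900 604800 3600
@     IN NS  ns1
ns1   IN A   203.0.113.10
www   IN A   203.0.113.10   ; WAN address of the router, ports forwarded
mail  IN A   192.168.1.20   ; mistake: LAN address in the public view
"""
INTERNAL_ZONE = """\
$ORIGIN example.com.
www   IN A   192.168.1.10   ; LAN address, served only to internal clients
mail  IN A   192.168.1.20
"""

# RFC 1918 private ranges plus loopback: never reachable from the Internet.
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def a_records(zone_text):
    """Return {owner: IPv4Address} for simple one-line A records."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip comment, tokenize
        if "A" in fields[1:]:
            idx = fields.index("A", 1)
            if idx + 1 < len(fields):
                records[fields[0]] = ipaddress.IPv4Address(fields[idx + 1])
    return records


def audit(external_text, internal_text):
    """Return (names with unroutable addresses externally, names that differ by side)."""
    ext, internal = a_records(external_text), a_records(internal_text)
    leaked = sorted(name for name, ip in ext.items()
                    if any(ip in net for net in UNROUTABLE))
    split = sorted(name for name in ext.keys() & internal.keys()
                   if ext[name] != internal[name])
    return leaked, split


if __name__ == "__main__":
    leaked, split = audit(EXTERNAL_ZONE, INTERNAL_ZONE)
    print("unroutable addresses in external zone:", leaked)
    print("names answered differently per side:", split)
```
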



