Running a DNS Master domain behind NAT

Eduardo Bonsi beartcom at pacbell.net
Mon Aug 18 06:09:20 UTC 2003


Dear Mark,

I haven't tested it yet but I am very enthusiastic about learning how
to manage an external DNS master domain. I know that enthusiasm alone
will not help, but it is a start.
Initially, here are the things I know:
To run your own in-house DNS server you must have two name servers in
two different networks.
Example:
ns1.mydomain.com.			<--Network 1
ns2.myotherdomain.com.		<--Network 2

I do not have that! But I have one external domain that I could run as
a master and make it one of "ns1 or ns2".
Since I don't have "Network 2", I will use my ISP as "Network 2"
and I will be "Network 1".
So here is the setup:

ns1.mydomain.com.			<--Network 1
ns2.myISPdomain.com.		<--Network 2

My questions are:
How do I transform my "alcdesigns.biz" into a fully qualified external 
DNS domain to act as an ns1 or ns2?
My understanding is that I have to set up my "alcdesigns.biz" to be a
fully qualified (registered) master domain for my own WAN IP zone, which
ranges from 67.113.9.56-63.
So here is an Example of my zone "alcdesigns.biz":
forward file "named.alcdesigns.biz"
$TTL 3h
alcdesigns.biz.         IN  SOA    ns2.alcdesigns.biz. beartcom.pacbell.net. (
                                   2003081701   ; Serial
                                   3h           ; Refresh after 3 hours
                                   1h           ; Retry after 1 hour
                                   1w           ; Expire after 1 week
                                   1h )         ; Negative caching TTL of 1 day
;
;
; Name Servers
;
alcdesigns.biz.         IN  NS     ns2.alcdesigns.biz.
alcdesigns.biz.         IN  NS     ns1.pbi.net.
alcdesigns.biz.         IN  NS     ns2.pbi.net.
;
; eMail
;
mail.alcdesigns.biz.    IN  MX     10 ns2.alcdesigns.biz.
;
; Addresses for the canonical names
;
localhost               IN  A      127.0.0.1
ns2.alcdesigns.biz.     IN  A      67.113.9.57
ns1.pbi.net.            IN  A      206.13.28.11
ns2.pbi.net.            IN  A      206.13.29.11
alcdesigns.biz.         IN  A      67.113.9.57
www.alcdesigns.biz.     IN  A      67.113.9.57
mail.alcdesigns.biz.    IN  A      67.113.9.57
;
ns2.alcdesigns.biz.     IN  CNAME  alcdesigns.biz.
===
reverse file "named.9.113.67.in-addr.arpa"
$TTL 3h
63-56.9.113.67.in-addr.arpa.  IN  SOA  ns2.alcdesigns.biz. beartcom.pacbell.net. (
                                       2003081701   ; Serial
                                       3h           ; Refresh after 3 hours
                                       1h           ; Retry after 1 hour
                                       1w           ; Expire after 1 week
                                       1h )         ; Negative caching TTL of 1 day
;
; Name Servers
;
57.9.113.67.in-addr.arpa.     IN  NS   ns2.alcdesigns.biz.
11.28.13.206.in-addr.arpa.    IN  NS   ns1.pbi.net.
11.29.13.206.in-addr.arpa.    IN  NS   ns2.pbi.net.
;
; Addresses point to canonical name
;
57.9.113.67.in-addr.arpa.     IN  PTR  ns2.alcdesigns.biz.
11.28.13.206.in-addr.arpa.    IN  PTR  ns1.pbi.net.
11.29.13.206.in-addr.arpa.    IN  PTR  ns2.pbi.net.
57.9.113.67.in-addr.arpa.     IN  PTR  alcdesigns.biz.
57.9.113.67.in-addr.arpa.     IN  PTR  www.alcdesigns.biz.
57.9.113.67.in-addr.arpa.     IN  PTR  mail.alcdesigns.biz.
===
On my NAT intranet, I would leave the TTL files as follows:
forward file "named.ns2.alcdesigns.biz"
$TTL 86400
@           IN  SOA  ns2.alcdesigns.biz. beartcom.pacbell.net. (
                     2003072801  ; serial
                     8H          ; refresh
                     2H          ; retry
                     1W          ; expire
                     1D )        ; minimum
; Name Server
            IN  NS   ns1.alcdesigns.biz.
            IN  NS   ns2.alcdesigns.biz.
;
;
; Addresses
localhost   IN  A    127.0.0.1
gateway     IN  A    192.168.1.1
ns1         IN  A    192.168.1.2
ns2         IN  A    192.168.1.3
===
reverse file "named.1.168.192.in-addr.arpa"
$TTL 86400
@           IN  SOA  ns1.alcdesigns.biz. beartcom.pacbell.net. (
                     2003072801  ; serial
                     8H          ; refresh
                     2H          ; retry
                     1W          ; expire
                     1D )        ; minimum
; Name Servers
            IN  NS   ns1.alcdesigns.biz.
            IN  NS   ns2.alcdesigns.biz.
;
; Addresses for the canonical names
1           IN  PTR  localhost.
1           IN  PTR  gateway.alcdesigns.biz.
2           IN  PTR  ns1.alcdesigns.biz.
3           IN  PTR  ns2.alcdesigns.biz.
===

The named.conf file would look like this:

controls {
	unix "/var/run/ndc" perm 0600 owner 0 group 0;
	inet 127.0.0.1 port 54 allow { any; };
};
//
acl "internal" {
	localhost; 192.168.1.0/24;
};
//
options {
	directory "/var/named";
	allow-query { "internal"; };
	allow-recursion { 127.0.0.1; 192.168.1.2; 192.168.1.3; };
	allow-transfer { none; };
	use-id-pool yes;
	fetch-glue no;
	query-source address 192.168.1.3 port 53;
};
//
//
zone "." IN {
	type hint;
	file "named.ca";
};

zone "localhost" IN {
	type master;
	file "localhost.zone";
	allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.local";
	allow-update { none; };
};
//
//
zone "ns2.alcdesigns.biz" IN {
	type master;
	file "named.ns2.alcdesigns.biz";
};
//
zone "1.168.192.in-addr.arpa" IN {
	type master;
	file "named.1.168.192.in-addr.arpa";
};
//
//
zone "alcdesigns.biz" IN {
	type master;
	file "named.alcdesigns.biz";
};
//
zone "63-56.9.113.67.in-addr.arpa" IN {
	type master;
	file "named.9.113.67.in-addr.arpa";
};

===
Mark, please, could you comment on this?
Thank you!
Eduardo
--
Eduardo Bonsi
System Admin
BEARTCOMMUNICATIONS
www.beart.com
(415) 775-1532
beartcom at pacbell.net
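An added lint for the two external zone files in the post (example code of my own, not from the post or from BIND): it flags a CNAME that shares its owner with other records, and records whose owner lies outside the zone apex, two things named rejects or drops at load time. The sample zones are constructed, shortened copies of the post's forward and reverse files.

```python
"""Lint for hand-written BIND master files (added example, not from the post
or from BIND). Flags a CNAME that shares its owner with other records
(RFC 1034 3.6.2) and records whose owner lies outside the zone apex."""
import re
from collections import defaultdict

def parse_zone(text, origin):
    """Return (owner, rrtype) pairs; handles ';' comments, '(...)' groups, '@',
    relative owners and a blank owner meaning 'same owner as previous line'."""
    text = re.sub(r";[^\n]*", "", text)          # strip comments
    text = re.sub(r"\([^)]*\)", " ", text)        # collapse multi-line SOA
    records, last_owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        owner = last_owner if line[0].isspace() else fields.pop(0)
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        while fields[0].upper() == "IN" or fields[0][0].isdigit():
            fields.pop(0)                         # skip class and optional TTL
        records.append((owner, fields[0].upper()))
        last_owner = owner
    return records

def lint(text, origin):
    """Return human-readable findings for one zone file."""
    findings, by_owner = [], defaultdict(set)
    for owner, rtype in parse_zone(text, origin):
        by_owner[owner].add(rtype)
        if owner != origin and not owner.endswith("." + origin):
            findings.append(f"out-of-zone: {owner} {rtype} (named ignores it)")
    for owner, types in sorted(by_owner.items()):
        if "CNAME" in types and len(types) > 1:   # CNAME must stand alone
            findings.append(f"cname-conflict: {owner} has CNAME and {','.join(sorted(types - {'CNAME'}))}")
    return findings

# Constructed samples, shortened from the forward and reverse files in the post.
FORWARD = """\
$TTL 3h
alcdesigns.biz.      IN SOA   ns2.alcdesigns.biz. beartcom.pacbell.net. (
                     2003081701 3h 1h 1w 1h )   ; serial refresh retry expire
alcdesigns.biz.      IN NS    ns2.alcdesigns.biz.
ns2.alcdesigns.biz.  IN A     67.113.9.57
ns1.pbi.net.         IN A     206.13.28.11
ns2.alcdesigns.biz.  IN CNAME alcdesigns.biz.
"""
REVERSE = """\
63-56.9.113.67.in-addr.arpa. IN SOA ns2.alcdesigns.biz. beartcom.pacbell.net. 2003081701 3h 1h 1w 1h
57.9.113.67.in-addr.arpa.    IN PTR ns2.alcdesigns.biz.
11.28.13.206.in-addr.arpa.   IN PTR ns1.pbi.net.
"""
```

For the RFC 2317 classless reverse zone, the PTR owners have to sit under the delegated apex (for instance 57.63-56.9.113.67.in-addr.arpa.), with the ISP supplying the CNAME from 57.9.113.67.in-addr.arpa.; named-checkzone reports the same load-time problems from the command line.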


