Running a DNS Master domain behind NAT
Eduardo Bonsi
beartcom at pacbell.net
Mon Aug 18 06:09:20 UTC 2003
Dear Mark,
I haven't tested it yet but I am very enthusiastic about learning how
to manage an external DNS master domain. I know that enthusiasm alone
will not help, but it is a start.
Initially here are the things I know:
To run your own in house dns server you must have two name servers in
two different networks.
Example:
ns1.mydomain.com. <--Network 1
ns2.myotherdomain.com. <--Network 2
I do not have that! But I have one external domain that I could run as
a master and make it one "ns1 or ns2"
Since I don't have "Network 2", I will use my ISP as the "Network 2"
and I will be the "Network 1".
So here is the setup:
ns1.mydomain.com. <--Network 1
ns2.myISPdomain.com. <--Network 2
My questions are:
How do I transform my "alcdesigns.biz" into a fully qualified external
DNS domain to act as an ns1 or ns2?
My understanding is that I have to set up my "alcdesigns.biz" to be a
fully qualified (registered) master domain for my own WAN ip zone that
is ranging from 67.113.9.56-63.
So here is an Example of my zone "alcdesigns.biz":
forward file "named.alcdesigns.biz"
$TTL 3h
alcdesigns.biz. IN SOA ns2.alcdesigns.biz. beartcom.pacbell.net. (
2003081701 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
;
;
; Name Servers
;
alcdesigns.biz. IN NS ns2.alcdesigns.biz.
alcdesigns.biz. IN NS ns1.pbi.net.
alcdesigns.biz. IN NS ns2.pbi.net.
;
; eMail
;
mail.alcdesigns.biz. IN MX 10 ns2.alcdesigns.biz.
;
; Addresses for the canonical names
;
localhost IN A 127.0.0.1
ns2.alcdesigns.biz. IN A 67.113.9.57
ns1.pbi.net. IN A 206.13.28.11
ns2.pbi.net. IN A 206.13.29.11
alcdesigns.biz. IN A 67.113.9.57
www.alcdesigns.biz. IN A 67.113.9.57
mail.alcdesigns.biz. IN A 67.113.9.57
===
reverse file "named.9.113.67.in-addr.arpa"
$TTL 3h
63-56.9.113.67.in-addr.arpa. IN SOA ns2.alcdesigns.biz.
beartcom.pacbell.net. (
2003081701 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
;
;Name Servers
;
57.9.113.67.in-addr.arpa. IN NS ns2.alcdesigns.biz.
11.28.13.206.in-addr.arpa. IN NS ns1.pbi.net.
11.29.13.206.in-addr.arpa. IN NS ns2.pbi.net.
;
;Addresses point to canonical name
;
57.9.113.67.in-addr.arpa. IN PTR ns2.alcdesigns.biz.
11.28.13.206.in-addr.arpa. IN PTR ns1.pbi.net.
11.29.13.206.in-addr.arpa. IN PTR ns2.pbi.net.
57.9.113.67.in-addr.arpa. IN PTR alcdesigns.biz.
57.9.113.67.in-addr.arpa. IN PTR www.alcdesigns.biz.
57.9.113.67.in-addr.arpa. IN PTR mail.alcdesigns.biz.
===
On my NAT intranet, I would leave the TTL files as follows:
forward file "named.ns2.alcdesigns.biz"
$TTL 86400
@ IN SOA ns2.alcdesigns.biz. beartcom.pacbell.net. (
2003072801 ; serial
8H ; refresh
2H ; retry
1W ; expire
1D ) ; minimum
; Name Server
IN NS ns1.alcdesigns.biz.
IN NS ns2.alcdesigns.biz.
;
;
; Addresses
localhost IN A 127.0.0.1
gateway IN A 192.168.1.1
ns1 IN A 192.168.1.2
ns2 IN A 192.168.1.3
===
reverse file "named.1.168.192.in-addr.arpa"
$TTL 86400
@ IN SOA ns1.alcdesigns.biz. beartcom.pacbell.net. (
2003072801 ; serial
8H ; refresh
2H ; retry
1W ; expire
1D ) ; minimum
; Name Servers
IN NS ns1.alcdesigns.biz.
IN NS ns2.alcdesigns.biz.
;
; Addresses for the canonical names
1 IN PTR gateway.alcdesigns.biz.
2 IN PTR ns1.alcdesigns.biz.
3 IN PTR ns2.alcdesigns.biz.
===
The named.conf file would look like this:
controls {
unix "/var/run/ndc" perm 0600 owner 0 group 0;
inet 127.0.0.1 port 54 allow { any; };
};
//
acl "internal" {
localhost; 192.168.1.0/24;
};
//
options {
directory "/var/named";
allow-query { "internal"; };
allow-recursion { 127.0.0.1; 192.168.1.2; 192.168.1.3; };
allow-transfer { none; };
use-id-pool yes;
fetch-glue no;
query-source address 192.168.1.3 port 53;
};
//
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
//
//
zone "ns2.alcdesigns.biz" IN {
type master;
file "named.ns2.alcdesigns.biz";
};
//
zone "1.168.192.in-addr.arpa" IN {
type master;
file "named.1.168.192.in-addr.arpa";
};
//
//
zone "alcdesigns.biz" IN {
type master;
file "named.alcdesigns.biz";
};
//
zone "63-56.9.113.67.in-addr.arpa" IN {
type master;
file "named.9.113.67.in-addr.arpa";
};
===
Mark, please, could you comment on this?
Thank you!
Eduardo
--
Eduardo Bonsi
System Admin
BEARTCOMMUNICATIONS
www.beart.com
(415) 775-1532
beartcom at pacbell.net
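Added example, not part of the post or of BIND: a small Python linter run over a constructed zone modelled on the forward file above, flagging the load-time data errors BIND reports for a zone built this way: records outside the zone origin, a name that carries a CNAME next to other records, and NS records whose target is a CNAME or has no address record. The zone text, the hostnames and the addresses are assumptions drawn from the post; the parser is deliberately simplified (no $ORIGIN support).

```python
import re
# Constructed sample modelled on the forward zone in the post, not the poster's file verbatim.
SAMPLE_ZONE = """$TTL 3h
alcdesigns.biz. IN SOA ns2.alcdesigns.biz. beartcom.pacbell.net. (
    2003081701 ; Serial
    3h 1h 1w 1h )
alcdesigns.biz.     IN NS    ns2.alcdesigns.biz.
alcdesigns.biz.     IN NS    ns1.pbi.net.
ns2.alcdesigns.biz. IN A     67.113.9.57
ns1.pbi.net.        IN A     206.13.28.11
ns2.alcdesigns.biz. IN CNAME alcdesigns.biz.
"""
def absolute(name, origin):
    # '@' means the origin; a name without a trailing dot is relative to the origin
    return origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_zone(text, zone):
    # Simplified zone-file parser ($ORIGIN not supported): returns (apex, [(owner, type, rdata)])
    apex = zone.rstrip(".").lower() + "."
    text = re.sub(r";[^\n]*", "", text)                                   # strip ; comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # join ( ) spans
    records, last_owner = [], apex
    for line in text.splitlines():
        toks = line.split()
        if not toks or toks[0].startswith("$"):                           # blank line or $TTL
            continue
        owner = last_owner = last_owner if line[0].isspace() else absolute(toks.pop(0), apex)
        while toks and (toks[0].upper() == "IN" or re.fullmatch(r"\d+[smhdw]?", toks[0], re.I)):
            toks.pop(0)                                                   # optional TTL and class
        records.append((owner, toks[0].upper(), toks[1:]))
    return apex, records

def lint_zone(text, zone):
    # Flag the data errors BIND reports at load time for a zone like the one in the post
    apex, records = parse_zone(text, zone)
    types = {o: {t for oo, t, _ in records if oo == o} for o, _, _ in records}
    findings = []
    for owner, rtype, rdata in records:
        if owner != apex and not owner.endswith("." + apex):
            findings.append(f"out-of-zone data (BIND ignores it): {owner} {rtype}")
        if rtype == "NS":
            target = absolute(rdata[0], apex)
            if "CNAME" in types.get(target, set()):
                findings.append(f"NS target {target} is a CNAME, which is not allowed")
            elif target.endswith("." + apex) and not types.get(target, set()) & {"A", "AAAA"}:
                findings.append(f"in-zone NS target {target} has no A/AAAA (glue) record")
    for owner, rtypes in types.items():
        if "CNAME" in rtypes and len(rtypes) > 1:
            findings.append(f"{owner} has a CNAME alongside other data; the zone will not load")
    return findings
```

Running lint_zone(SAMPLE_ZONE, "alcdesigns.biz") reports three problems: the ns1.pbi.net. address record is outside the zone, the NS record points at a CNAME, and ns2.alcdesigns.biz. carries both an A and a CNAME.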