Bind DNS Help
phn at icke-reklam.ipsec.nu
Mon Aug 9 20:27:07 UTC 2004
Mike Ross <mike at rei-ki.co.uk> wrote:
> Hi,
> First please excuse my lack of understanding towards BIND as it is something
> I have not had much dealing with in the past.
> At present we host a number of .co.uk domains, though for these websites we
> use an external DNS hosting service. From the Internet we can see all our
> hosted websites without any bother. If we use one of the computers behind
> our Netgear FS328S firewall/router it correctly looks up the IP address
> (which obviously points back to our router/firewall) as you would expect.
> The problem is our router tries to be intelligent and realising the origin
> of the request is from inside the firewall, points the request at the router
> itself bringing up a login box for the router and completely ignores the
> fact that it is web traffic destined for the demilitarized zone's web server
> (the router has a web front end). We haven't found a way of turning this
> off.
> This problem results in the world being able to see our hosted websites, but
> from inside our network all we can see is the router.
> What we want to do is set up a DNS record to 'mask' the domain names that
> are affected and to point them to our server internally (this DNS server
> will be in-house only). I know that if we were to set up a DNS master zone
> for the 'co.uk' domain, this would solve the problem, but in doing so means
> that we cannot see other external 'co.uk' domains.
> In a nutshell - is there a way of using an in-house DNS server to handle
> specified .co.uk domains while allowing all other .co.uk domains that do not
> match to be forwarded on to an external DNS server? If so, could you
> provide an example of how it would be set up?
Sure. Set up a DNS (two is of course much better) where all your
'co.uk' domains are defined as zones. The zone files, however, contain
the inside addresses (for all resources actually located on the inside).
This will create some work of course, but suitable scripting could
reduce the amount needed. Somewhere someone has to define both
addresses for a domain, so it cannot be done at "no cost".
> Any questions, please ask as I am not sure if I am making this very clear or
> not.
You are perfectly clear. In fact there is a chapter (11) in the DNS book
(Managing DNS and BIND by Cricket Liu, O'Reilly, ISBN 0-596-00158-4).
> Cheers
> Mike Ross.
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
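
The reply above, worked through as an added example that is not part of the original post or of BIND itself: a small generator that defines each hosted domain as its own zone (never 'co.uk' as a whole) and writes inside addresses only for resources located inside. The domain names, addresses, serial, file paths and the ns-inside host are constructed placeholders.

```python
# Added example: build inside-only zone data for specific hosted domains.
SERIAL = 2004080901        # constructed serial; bump on every change
NS_HOST = "ns-inside"      # hypothetical name of the in-house DNS server
NS_ADDR = "192.168.1.53"   # hypothetical inside address of that server

# Constructed public view of each hosted domain: host label -> public address.
PUBLIC = {
    "example.co.uk": {"@": "203.0.113.10", "www": "203.0.113.10", "mail": "198.51.100.25"},
    "example-two.co.uk": {"@": "203.0.113.10", "www": "203.0.113.10"},
}
# Public address -> inside address, only for resources actually located inside.
INSIDE = {"203.0.113.10": "192.168.1.80"}


def zone_stanza(domain):
    """named.conf stanza making the server authoritative for one domain only."""
    return (f'zone "{domain}" {{\n'
            f'    type master;\n'
            f'    file "inside/db.{domain}";\n'
            f'}};\n')


def zone_file(domain, records, inside=INSIDE):
    """Zone file text: inside address where one is mapped, public one otherwise."""
    lines = [
        "$TTL 3600",
        f"@ IN SOA {NS_HOST}.{domain}. hostmaster.{domain}. (",
        f"        {SERIAL} 3600 900 604800 3600 )",
        f"@ IN NS {NS_HOST}.{domain}.",
        f"{NS_HOST} IN A {NS_ADDR}",
    ]
    for label, public_addr in sorted(records.items()):
        lines.append(f"{label} IN A {inside.get(public_addr, public_addr)}")
    return "\n".join(lines) + "\n"


def render_all(public=PUBLIC):
    """Return (named.conf fragment, {file name: zone text}) for every domain."""
    conf = "".join(zone_stanza(d) for d in sorted(public))
    files = {f"inside/db.{d}": zone_file(d, recs) for d, recs in public.items()}
    return conf, files


if __name__ == "__main__":
    conf, files = render_all()
    print(conf)
    for name, text in files.items():
        print(f"; ---- {name} ----\n{text}")
```

The inside zone replaces the public one entirely for inside clients, so every name in the domain has to appear in it, including hosts that live outside and keep their public address. Names under 'co.uk' that have no zone defined here are resolved as usual.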