Bind DNS Help

phn at icke-reklam.ipsec.nu
Mon Aug 9 20:27:07 UTC 2004


Mike Ross <mike at rei-ki.co.uk> wrote:
> Hi,

> First please excuse my lack of understanding towards BIND as it is something
> I have not had much dealing with in the past.

> At present we host a number of .co.uk domains, though for these websites we
> use an external DNS hosting service.  From the Internet we can see all our
> hosted websites without any bother.  If we use one of the computers behind
> our Netgear FS328S firewall/router it correctly looks up the IP address
> (which obviously points back to our router/firewall) as you would expect.
> The problem is our router tries to be intelligent and realising the origin
> of the request is from inside the firewall, points the request at the router
> itself bringing up a login box for the router and completely ignores the
> fact that it is web traffic destined for the demilitarized zone's web server
> (the router has a web front end).  We haven't found a way of turning this
> off.

> This problem results in the world being able to see our hosted websites, but
> from inside our network all we can see is the router.

> What we want to do is set up a DNS record to 'mask' the domain names that
> are affected and to point them to our server internally (this DNS server
> will be in-house only).   I know that if we were to set up a DNS master zone
> for the 'co.uk' domain, this would solve the problem, but in doing so means
> that we cannot see other external 'co.uk' domains.

> In a nutshell - is there a way of using an in-house DNS server to handle
> specified .co.uk domains while allowing all other .co.uk domains that do not
> match to be forwarded on to an external DNS server?  If so, could you
> provide an example of how it would be set up?

Sure. Set up a DNS (two is of course much better) where all your
'co.uk' domains are defined as zones. The zone files, however, contain
the inside addresses (for all resources actually located on the inside).

This will create some work of course, but suitable scripting could
reduce the amount needed. Somewhere someone has to define both
addresses for a domain, so it cannot be done at "no cost".

> Any questions, please ask as I am not sure if I am making this very clear or
> not.

You are perfectly clear. In fact there is a chapter (11) in the DNS book
(Managing DNS and BIND by Cricket Liu, O'Reilly, ISBN 0-596-00158-4).

> Cheers

> Mike Ross.






-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
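
The setup described in the reply above, sketched as an added example that is not part of the original post: a script that emits one master zone per hosted domain, with inside addresses only, and a named.conf that forwards everything else. The domain names, addresses, server name, forwarder and the /var/named path are constructed placeholders.

```python
# Added example: generate inside-only BIND zones for specific .co.uk domains.
# Every name, address and path below is a constructed placeholder.

# domain -> {host label: inside address}; "@" is the zone apex
INTERNAL = {
    "example-one.co.uk": {"@": "192.168.10.20", "www": "192.168.10.20"},
    "example-two.co.uk": {"@": "192.168.10.21", "www": "192.168.10.21"},
}
NS_NAME = "ns-inside.example-one.co.uk."  # hypothetical in-house name server
NS_ADDR = "192.168.10.5"
SERIAL = 2004080901


def zone_file(domain, hosts):
    """Return zone file text holding only the inside addresses of one domain."""
    lines = [
        "$TTL 3600",
        f"@ IN SOA {NS_NAME} hostmaster.{domain}. (",
        f"        {SERIAL} 3600 900 604800 3600 )",
        f"@ IN NS {NS_NAME}",
    ]
    lines += [f"{label} IN A {addr}" for label, addr in sorted(hosts.items())]
    suffix = f".{domain}."
    if NS_NAME.endswith(suffix):  # name server lives in this zone: add its address
        lines.append(f"{NS_NAME[:-len(suffix)]} IN A {NS_ADDR}")
    return "\n".join(lines) + "\n"


def named_conf(domains, forwarders, inside_net):
    """Return named.conf text: listed domains are local, all else is forwarded."""
    out = [
        "options {",
        '    directory "/var/named";',
        f"    allow-query {{ {inside_net}; localhost; }};  // in-house clients only",
        "    recursion yes;",
        f"    forwarders {{ {'; '.join(forwarders)}; }};",
        "};",
    ]
    for d in sorted(domains):  # never a zone for "co.uk" itself
        out += [f'zone "{d}" {{', "    type master;",
                f'    file "inside/{d}.zone";', "};"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(named_conf(INTERNAL, ["192.0.2.53"], "192.168.10.0/24"))
    for dom, hosts in INTERNAL.items():
        print(f"; ---- inside/{dom}.zone ----\n{zone_file(dom, hosts)}")
```

Because the in-house server answers authoritatively for each listed domain, a name missing from its zone file returns NXDOMAIN instead of being forwarded, so every record inside clients need (MX included) has to be mirrored there.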

