BIND configuration - superior wisdom required.
phn at icke-reklam.ipsec.nu
Sun Dec 19 22:17:12 UTC 2004
James Herbert <lists at artyzan.net> wrote:
> Hi.
> First off, if this is a FAQ, I'm most apologetic. The docs I looked at
> didn't really answer me, and I don't grok BIND yet.
> Ok. My current situation is this:
> I have a small internal network 10.0.0.0/24, and a smaller external
> network 217.155.x.168/29. I have just installed my sixth system on the
> network and have thus moved over to the internal NAT'ed network so as
> not to run out of address space. My servers have bidirectional mapping
> through the NAT box (OpenBSD/pf) such that 217.155.x.169 <-> 10.0.0.100
> and so on. Now this works great, except for the obvious problem that
> internal clients are still getting the external IP addresses of my
> servers from my ISP's DNS servers.
> What I'd like BIND to do for me is this:
> Be a DNS server for my internal network. It needs to answer only to my
> internal network, and reply to queries for servers on the internal
> network with their internal IP addresses, and forward everything else to
> my ISP's DNS servers.
It's not an uncommon task, and relatively well-documented.
Forwarding is something you should start without, turning it
on _if_ you need it.
The "reference book" "Managing DNS and BIND" by Cricket Liu has
the very chapter you need on-line:
http://www.oreilly.com/catalog/dns4/chapter/ch11.html
Most of the chapter is applicable, but there is a chapter
about firewalls you might find handy.
The main idea is that the nameserver "has" your zone, but all
addresses are 10.-addresses, all your clients use this server,
and everything not configured as "local" will be sent
to Internet nameservers.
If you want to run a nameserver accessible from the Internet you will
need views (the same zone but using Internet addresses).
Good luck, and don't hesitate to ask questions.
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
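
The internal-only setup discussed in this thread, sketched as a BIND 9 configuration. This is an added example, not part of the original post. The zone name example.com, the server address 10.0.0.53, the file paths and the commented-out forwarder address are assumptions; 10.0.0.0/24 and 10.0.0.100 come from the question.

```conf
// named.conf for an internal-only resolver (BIND 9). Constructed example.
// Assumed values: zone example.com, server address 10.0.0.53, file paths.

acl internal { 127.0.0.1; 10.0.0.0/24; };

options {
    directory "/var/named";
    listen-on { 127.0.0.1; 10.0.0.53; };    // never bind the external interface
    listen-on-v6 { none; };
    allow-query     { internal; };          // answer only the internal network
    allow-recursion { internal; };          // so the server is not an open resolver
    allow-transfer  { none; };              // internal addresses are not transferable
    recursion yes;                          // everything non-local is resolved on the Internet
    // Forwarding stays off to begin with; enable it only if it is needed:
    // forwarders { 192.0.2.53; };          // placeholder for the ISP resolver
};

// The server "has" the zone, with 10.x addresses only.
zone "example.com" {
    type master;
    file "internal/example.com.zone";
};

// Reverse zone for 10.0.0.0/24.
zone "0.0.10.in-addr.arpa" {
    type master;
    file "internal/10.0.0.rev";
};

// internal/example.com.zone is a separate file; contents shown as comments:
//   $TTL 3600
//   @    IN SOA ns.example.com. hostmaster.example.com. (
//               2004121901 3600 900 604800 3600 )
//   @    IN NS  ns.example.com.
//   ns   IN A   10.0.0.53
//   www  IN A   10.0.0.100   ; reached externally as 217.155.x.169 via the pf mapping
```

Running `named-checkconf` against the file, and `named-checkzone example.com` against the zone file, catches syntax errors before the server is started.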