BIND configuration - superior wisdom required.

phn at phn at
Sun Dec 19 22:17:12 UTC 2004

James Herbert <lists at> wrote:
> Hi.

> First off, if this is a FAQ, I'm most apologetic. The docs I looked at 
> didn't really answer me, and I don't grok BIND yet.

> Ok. My current situation is this:

> I have a small internal network, and a smaller external 
> network 217.155.x.168/29. I have just installed my sixth system on the 
> network and have thus moved over to the internal NAT'ed network so as 
> not to run out of address space. My servers have bidirectional mapping 
> through the NAT box (OpenBSD/pf) such that 217.155.x.169 <-> 
> and so on. Now this works great, except for the obvious problem that 
> internal clients are still getting the external IP addresses of my 
> servers from my ISP's DNS servers.

> What I'd like BIND to do for me is this:

> Be a DNS server for my internal network. It needs to answer only to my 
> internal network, and reply to queries for servers on the internal 
> network with their internal IP addresses, and forward everything else to 
> my ISP's DNS servers.

It's not an uncommon task, and relativly well-documented.
Forwarding is something you should start without, turning it 
on _if_ you need it.

The "reference book" "Managing DNS and BIND" bu crickett Liu has 
the very chapter you need on-line :

Most of the chapter is applicable, but there is a chapter 
about firewalls you might fins handy.

The main idea is that the nameserver "has" your zone, but all 
addresses is 10.-addresses, all your clients uses this server,
and for everything not configured as "local" will be sent 
to Internet nameservers.

If you want to run a nameserver accesible from Internet you will
need views ( the same zone but using Internet addresses)

Good luck, and don't hesitate to ask questions.

Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list