Internal & external DNS setup with firewall
Barry Margolin
barmar at alum.mit.edu
Fri Sep 3 12:32:17 UTC 2004
In article <ch9kuu$238$1 at sf1.isc.org>,
Tang Ho Yim <tanghoyim at yahoo.com> wrote:
> Hi,
>
> First of all, here is the network configuration:
>
> Internet ------------------ [real IP] packet filter firewall / NAT
> [10.0.0.1/8] -------------- internal
>
> I have 1 real IP with the Internet domain name eg.com, and the external DNS is
> held by the ISP.
> The internal DNS is on the local host with the domain name eg.com, the same as
> the Internet one.
> The internal DNS is set to forward all Internet queries to the external DNS,
> which is held by the ISP.
> All hosts, including the firewall, have the default nameserver pointed at the
> internal DNS.
> Of course, the firewall will let DNS traffic pass.
>
> My question is:
> When I am sitting at the firewall host and ping firewall, it returns 10.0.0.1.
> It seems OK since the default nameserver is the internal DNS. If I set the
> nameserver to the external DNS, ping firewall will return the "real IP". But I
> can't ping the local network anymore.
>
> So, which one should I set?
> Do I need a different domain name for external & internal?
Just put two entries in your internal DNS:
    firewall-inside   IN A  10.0.0.1
    firewall-outside  IN A  <whatever>
Then you can look up whichever one you want.
> Can I nslookup firewall so that it gives two IP results?
> Does the local DNS need the root.cache file?
Turn off forwarding and just let the internal DNS go to the root
nameservers.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
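
The setup suggested in the reply above, sketched as a named.conf for the internal server. This is an added example, not part of the original post: the directory, file names, ACL name and access restrictions are assumptions, and the outside address is left as a placeholder because the thread does not give it.

```bind
// named.conf on the internal name server (constructed example).
// Assumed: directory, file names and the ACL name "inside".
// 10.0.0.0/8 is the inside network from the original post.

acl inside { 10.0.0.0/8; localhost; };

options {
    directory "/var/named";

    // No "forwarders" or "forward" statement here: the server resolves
    // Internet names itself, starting from the root hints below.
    recursion yes;

    // Answer and recurse only for inside hosts, so the server cannot
    // be used as an open resolver if port 53 is ever exposed.
    allow-query     { inside; };
    allow-recursion { inside; };
    allow-transfer  { none; };
};

// Root hints: the root.cache file asked about in the question.
zone "." {
    type hint;
    file "root.cache";
};

// Internal copy of eg.com, authoritative for inside clients only.
zone "eg.com" {
    type master;
    file "db.eg.com.internal";
};

// db.eg.com.internal carries the two records from the reply:
//   firewall-inside   IN A  10.0.0.1
//   firewall-outside  IN A  <real IP>   ; placeholder, not given in the thread
```

With forwarding off, the packet filter has to let the internal server send queries to arbitrary Internet name servers on port 53 over both UDP and TCP, and accept the replies, rather than only to the ISP's servers.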