How to implement DNS server in a firewall.

Penghui Wang wangpenghui at realss.com
Sun May 22 07:07:52 UTC 2005 

On Sun, 2005-05-22 at 01:47 -0400, Barry Margolin wrote:
> In article <d6otb6$1lg4$1 at sf1.isc.org>,
>  Penghui Wang <wangpenghui at realss.com> wrote:
> 
> > Hello lists:
> > 
> > I have a domain name "example.com", it registered in a ISP.
> > And i could manage this domain and its subdomains on the website which
> > the ISP provided.
> > 
> > And i am in a lan, the intranet of our company. 
> > There is a dhcp server and a dns server one the host which is the
> > gateway of the intranet.
> > 
> > The domain name of the gateway is example.com.
> 
> Why don't you tell us the real domain?  We can't tell if you're 
> configuring things correctly when you give fake information like this.
> 


> > If i want to resolve the example.com in intranet, it's impossible.
> > 
> > So i want to the dns server on the gateway to manage some part of the
> > domain name "example.com".
> > 
> > I have added the follow text in named.conf
> > 
> > zone "example.com" IN {
> >   type slave;
> >   file "pri/example.com.zone";
> 
> If you have a subdirectory named "pri", it's usually used for master 
> zones, not slaves.  "pri" is short for "primary", which is what master 
> zones used to be called; slave zones would usually be in a subdirectory 
> named "sec", because they used to be called secondary zones.
> 

I am a newbie with bind. So i use his default setting. Later i will
correct this. 

> >   master {210.34.0.14;}; // A public DNS server
> >  };
> 
> Is 210.34.0.14 really the master server for your zone?  Does it allow 
> your gateway to perform zone transfers?
> 

I don't think so. In fact it's not. It just a public DNS server. I don't
know the primary dns server of the domain. So it must not let my gateway
to perform zone transfers.

> > 
> > After that, i found that i could not resolve any domain names in
> > "example.com" except the entries of the dns server on the gateway.
> 
> It should be able to resolve all the names in the zone that it 
> transferred from 210.34.0.14.  Are you getting any error messages when 
> it tries to do a zone transfer?
> 

With the above things, i think i have misunderstood the primary and
slave dns server. 

> > 
> > I think i must  do something misconfiguration. 
> 
> If your gateway is authoritative for a zone, then it will not forward 
> names within that zone to any other servers.
> 

I could not understand this. Now i think i have to read more article
about dns server. Could you point out anything i could read first?

Thanks very much.

Wang Penghui

PS:  My dns server is just used in a lAN, and it not a registered
server.

More information about the bind-users mailing list