Add new subnet on multi-homed hosts
Harry Putnam
reader at newsguy.com
Fri Mar 3 02:48:03 UTC 2006
Setup: Gentoo Linux (kernel-2.6.15)
bind-9.3.2
Running an authoritative name server on a small home lan as a training
exercise, using DNS and BIND, 4th ed. as a guide.
I just added a sort of dmz logging machine on a different subnet.
192.168.0.0
192.168.1.0 (newly added)
And I guess I'm going to a 192.168/16 from 192.168.0/24
A quick sketch of this network (there are more hosts on it,
but for simplicity):
(All have prefix 192.168)

                          INTERNET
                             | (Dynamic IP)
                             |
                NETGEAR (consumer grade router)
    --------------------------------------------------
      | 0.4        | 0.3        | 0.4        | 0.19
      |            |            |            |
    [ m1 ]       [ m2 ]       [ m3 ]       [ m4 ]
      | 1.2                                  | 1.1
      |__________________________________________|
Or I can stand some coaching on that. But using a different subnet
makes the dmz operation easy to config and the linked multi-homed
hosts don't have confusion over which address is the main one on that
host.
That is, I don't fire up a browser on 192.168.0.4 and 192.168.1.2 tries
to run the browser. Both addresses are on reader.local.lan (rdmz.local.lan).
0.19 / 1.1 in the diagram is fwobsd.local.lan (fwdmz.local.lan).
The 1.1 subnet is just 2 addresses that link the dmz machine to
another so it can be accessed via ssh without involving its external
address, which is in the 0.0 network. fwobsd.local.lan is sent a copy of
all traffic that comes to NETGEAR.
The ports on NETGEAR are switched.
What I'm not understanding is how all this is reflected in the zone
files. I tried to use the movie.edu domain as example but must have
gone astray somewhere.
nslookup gives expected output for reader, fwobsd, rdmz and fwdmz,
and for all the IP numbers except 192.168.1.2 and 1.1:
nslookup rdmz
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: rdmz.local.lan
Address: 192.168.1.2
But looking up by Numeric IP is another matter:
nslookup 192.168.1.2
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find 2.1.168.192.in-addr.arpa: NXDOMAIN
Named doesn't output any errors on startup when my zone files are
loaded. They appear below in order:
db.local.lan
db.192.168.0
db.192.168.1
db.127.0.0
db.local.lan
======== 8< snip ============================
$TTL 1D
@               IN  SOA reader.local.lan. hostmaster (
                            200405191   ; serial
                            8H          ; refresh
                            4H          ; retry
                            4W          ; expire
                            1D )        ; minimum
;; Nameserver (The name '@' is implied)
                IN  NS      reader
;; smtp hub (The name '@' is implied)
                IN  MX  10  reader
;; addresses for the canonical names
localhost       IN  A       127.0.0.1
ansil           IN  A       192.168.0.21
bjp             IN  A       192.168.0.16
fw              IN  A       192.168.0.20
fwobsd          IN  A       192.168.0.19
                IN  A       192.168.1.1
harvey          IN  A       192.168.0.22
mob2            IN  A       192.168.0.3
reader          IN  A       192.168.0.4
                IN  A       192.168.1.2
wap             IN  A       192.168.0.50
;; aliases
smtp            IN  CNAME   reader
www             IN  CNAME   reader
tic             IN  CNAME   reader
;; interface specific addresses
fwdmz           IN  A       192.168.1.1
rdmz            IN  A       192.168.1.2
db.192.168.0
============ 8< snip ==================
$TTL 1D
@       IN  SOA reader.local.lan. reader.reader.local.lan. (
                    200405190   ; serial
                    28800       ; refresh (8 hours)
                    14400       ; retry (4 hours)
                    2419200     ; expire (4 weeks)
                    86400       ; minimum (1 day)
                    )
;
; Name servers (The name '@' is implied)
;
        IN  NS  reader.local.lan.
;
; Addresses point to canonical names
;
3       IN  PTR mob2.local.lan.
4       IN  PTR reader.local.lan.
16      IN  PTR bjp.local.lan.
19      IN  PTR fwobsd.local.lan.
20      IN  PTR fw.local.lan.
21      IN  PTR ansil.local.lan.
22      IN  PTR harvey.local.lan.
50      IN  PTR wap.local.lan.
db.192.168.1
============ 8< snip =================
$TTL 1D
@       IN  SOA reader.local.lan. reader.reader.local.lan. (
                    200405190   ; serial
                    28800       ; refresh (8 hours)
                    14400       ; retry (4 hours)
                    2419200     ; expire (4 weeks)
                    86400       ; minimum (1 day)
                    )
;
; Name servers (The name '@' is implied)
; The name must be absolute here: a bare "reader" would be expanded
; relative to this zone's origin, i.e. to reader.1.168.192.in-addr.arpa.
;
        IN  NS  reader.local.lan.
;
; Addresses point to canonical names
;
2       IN  PTR rdmz.local.lan.
1       IN  PTR fwdmz.local.lan.
db.127.0.0
============= 8< snip ===========
$TTL 1W
@       IN  SOA reader.local.lan. reader.reader.local.lan. (
                    2002081601  ; serial
                    3H          ; refresh
                    15M         ; retry
                    1W          ; expiry
                    1D )        ; minimum
        IN  NS  reader.local.lan.
1       IN  PTR localhost.
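Added example, not part of Harry's post: a small Python checker that parses zone text the way named reads it (relative owner and target names expanded against each zone's origin), then compares the forward A records with the PTR records and reports three things a reverse-lookup failure usually comes down to: an address whose in-addr.arpa zone is not among the zones handed to the checker at all (the NXDOMAIN case above), an address with no PTR, and an NS name left relative inside a reverse zone. The zone contents are trimmed excerpts constructed from the files quoted above; the origin each reverse file is loaded under is assumed to be the usual classful one, since named.conf is not shown. The checker cannot see named.conf either, so pass it only the reverse zones named.conf actually declares.

```python
"""Added example (not from the post): forward/reverse zone consistency check."""
import ipaddress
import re

# Constructed excerpts of the zone files quoted above (comments and some
# hosts trimmed; the records kept are as posted, including the relative
# "IN NS reader" in the 192.168.1 reverse file).
FORWARD_ORIGIN = "local.lan"
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA reader.local.lan. hostmaster (
                200405191 ; serial
                8H 4H 4W 1D )
        IN NS reader
fwobsd  IN A 192.168.0.19
        IN A 192.168.1.1
mob2    IN A 192.168.0.3
reader  IN A 192.168.0.4
        IN A 192.168.1.2
fwdmz   IN A 192.168.1.1
rdmz    IN A 192.168.1.2
"""
# Keyed by the origin each reverse file is assumed to be declared under in named.conf.
REVERSE_ZONES = {
    "0.168.192.in-addr.arpa": """\
@   IN SOA reader.local.lan. reader.reader.local.lan. ( 200405190 28800 14400 2419200 86400 )
    IN NS reader.local.lan.
3   IN PTR mob2.local.lan.
4   IN PTR reader.local.lan.
19  IN PTR fwobsd.local.lan.
""",
    "1.168.192.in-addr.arpa": """\
@   IN SOA reader.local.lan. reader.reader.local.lan. ( 200405190 28800 14400 2419200 86400 )
    IN NS reader
2   IN PTR rdmz.local.lan.
1   IN PTR fwdmz.local.lan.
""",
}
TTL_RE = re.compile(r"\d+[smhdwSMHDW]?$")


def fqdn(name, origin):
    """Expand an owner or target name against the zone origin, as named does."""
    if name == "@":
        return origin + "."
    return name if name.endswith(".") else f"{name}.{origin}."


def parse_zone(origin, text):
    """Return (owner, rtype, rdata_tokens) triples with every relative name expanded."""
    records, last_owner, depth = [], origin + ".", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip() or line.startswith("$"):
            continue                                 # blank line or $TTL/$ORIGIN directive
        if depth:                                    # inside a ( ... ) block such as SOA
            depth += line.count("(") - line.count(")")
            continue
        tokens = line.split()
        owner = last_owner if line[0].isspace() else fqdn(tokens.pop(0), origin)
        last_owner = owner
        while tokens and (tokens[0] == "IN" or TTL_RE.match(tokens[0])):
            tokens.pop(0)                            # optional TTL and class
        depth += line.count("(") - line.count(")")
        records.append((owner, tokens[0], tokens[1:]))
    return records


def ptr_name(ip):
    """Owner name of the PTR record for ip, e.g. 2.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_origin(ip):
    """The classful /24 in-addr.arpa zone that must carry the PTR for ip."""
    return ptr_name(ip).split(".", 1)[1].rstrip(".")


def check(forward_origin, forward_text, reverse_zones):
    """Return sorted findings; an empty list means forward and reverse agree."""
    findings, names_for_ip = [], {}
    for owner, rtype, rdata in parse_zone(forward_origin, forward_text):
        if rtype == "A":
            names_for_ip.setdefault(rdata[0], set()).add(owner)
    rev = {o: parse_zone(o, t) for o, t in reverse_zones.items()}
    ptrs = {o: r[0] for recs in rev.values() for o, t, r in recs if t == "PTR"}

    for ip, names in names_for_ip.items():          # every A needs a PTR in a loaded zone
        if ip.startswith("127."):
            continue                                 # loopback lives in db.127.0.0
        zone = reverse_origin(ip)
        if zone not in rev:
            findings.append(f"{ip}: no reverse zone {zone} loaded; lookups will return NXDOMAIN")
        elif ptr_name(ip) not in ptrs:
            findings.append(f"{ip}: no PTR in {zone} for {', '.join(sorted(names))}")
        elif ptrs[ptr_name(ip)] not in names:
            findings.append(f"{ip}: PTR names {ptrs[ptr_name(ip)]}, which has no A record for it")
    for owner, target in ptrs.items():              # every PTR needs a matching A
        ip = ".".join(reversed(owner[:-len(".in-addr.arpa.")].split(".")))
        if target not in names_for_ip.get(ip, set()):
            findings.append(f"{owner} -> {target}: no matching A record for {ip}")
    for origin, recs in rev.items():                # NS in a reverse zone must be absolute
        for _, rtype, rdata in recs:
            if rtype == "NS" and fqdn(rdata[0], origin).endswith(".in-addr.arpa."):
                findings.append(f"{origin}: NS '{rdata[0]}' expands to {fqdn(rdata[0], origin)}; use an absolute name")
    return sorted(findings)


if __name__ == "__main__":
    for line in check(FORWARD_ORIGIN, FORWARD_ZONE, REVERSE_ZONES) or ["forward and reverse agree"]:
        print(line)
```

Run as-is it reports only the relative NS name in the 192.168.1 reverse file; drop that zone from REVERSE_ZONES and it reports 192.168.1.1 and 192.168.1.2 as having no loaded reverse zone, which is the same symptom nslookup shows above. The parser handles the two things that trip people up in hand-written zone files: a record that starts with whitespace inherits the previous owner, and any name without a trailing dot gets the zone's origin appended.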