FC6 DNS Simple Setup help

Barry Margolin barmar at alum.mit.edu
Thu Nov 16 04:19:01 UTC 2006


In article <ejeuno$22te$1 at sf1.isc.org>,
 "Mark Koi" <mark.koi at nextwavesys.com> wrote:

> Hi,
> 
> We have a FC6 Firewall.  We have an internal/external network.  The
> ns/fw are one and the same for now and perform DNAT.  DNS and BIND
> require intensive experience, but we set up using view.  Reverse lookup
> doesn't work.  What exactly do we need to add to named.conf to get
> reverse lookup to work on the internal network?  Also, what would the files
> that reverse lookup reference exactly look like?  Can someone with
> intensive experience provide any other information to lead us down the
> right path in proper setup?  Thanks - Mark.

You need to add the zone named "1.168.192.in-addr.arpa", and fill this 
zone with appropriate PTR records.  The named.conf entry looks like:

zone "1.168.192.in-addr.arpa" {
  type master;
  file "db.internals.1.168.192.in-addr.arpa";
};

The DB file would look like:

$TTL 86400
@ IN SOA fwbo.nextwavesys.net. hostmaster.nextwavesys.net. (
  ... )
  IN NS fwbo.nextwavesys.net.
1 IN PTR fwbo.nextwavesys.net.
4 IN PTR www.nextwavesys.net.

> 
> named.conf
> ------------------------------------------------------------------------------
> acl internals {
>         127.0.0.1;
>         192.168.1.0/24;
> };
> 
> options {
>         directory "/var/named";
>         dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         version "0";
> };
> 
> controls {
>         inet 127.0.0.1 allow { localhost; }
>         keys { rndckey; };
> };
> 
> view "internal" {
>         match-clients { internals; };
>         recursion yes;
> 
>         zone "nextwavesys.net" {
>                 type master;
>                 file "db.internals.nextwavesys.net";
>                 allow-query { internals; };
>                 allow-update { internals; };
>         };
> };
> 
> view "external" {
>         match-clients { any; };
>         recursion no;
> 
>         zone "nextwavesys.net" {
>                 type master;
>                 file "db.externals.nextwavesys.net";
>         };
> };
> include "/etc/rndc.key";
> ------------------------------------------------------------------------------
> db.internals.nextwavesys.net
> 
> $TTL    86400
> @       IN      SOA     nextwavesys.net. fwbo.nextwavesys.net. (
>                 42         ; Serial
>                 28800      ; Refresh
>                 14400      ; Retry
>                 3600000    ; Expire
>                 86400 )    ; Minimum
> ;
> @            IN      NS      fwbo
>              IN      MX      10 mail
>              IN      A       192.168.1.1
> fwbo        IN      A       192.168.1.1
> www         IN      A       192.168.1.4
> .....more entries, etc.......
> 
> ------------------------------------------------------------------------------
> db.externals.nextwavesys.net
> 
> $TTL    86400
> @       IN      SOA     fwbo.nextwavesys.net. root.fwbo.nextwavesys.net.  (
>                                       42         ; Serial
>                                       28800      ; Refresh
>                                       14400      ; Retry
>                                       3600000    ; Expire
>                                       86400 )    ; Minimum
> ;
> @       IN      NS      fwbo
>         IN      MX      10 mail
>         IN      A       216.9.140.36
> fwbo    IN      A       216.9.140.36
> .....more entries, etc..........
> ------------------------------------------------------------------------------

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
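
Added example (not part of the original post or of BIND): a Python sketch that derives the PTR lines for the 1.168.192.in-addr.arpa zone from the A records of the internal forward zone, so the two files cannot drift apart. The embedded zone text is a constructed sample based on the file quoted above, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample modelled on the internal zone file quoted in the thread;
# the "vpn" record is invented here to show an out-of-range address being skipped.
FORWARD_ZONE = """\
$TTL    86400
@       IN      SOA     nextwavesys.net. fwbo.nextwavesys.net. (
                42 28800 14400 3600000 86400 )
@           IN      NS      fwbo
            IN      MX      10 mail
            IN      A       192.168.1.1
fwbo        IN      A       192.168.1.1
www         IN      A       192.168.1.4
vpn         IN      A       10.9.0.1
"""

def a_records(zone_text, origin):
    """Yield (fqdn, address) per A record; simplified: no $ORIGIN/$INCLUDE."""
    owner = origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]                # drop comments
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():                  # owner name in column 0
            name = fields.pop(0)
            owner = origin if name == "@" else (
                name if name.endswith(".") else f"{name}.{origin}")
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # optional TTL / class
        if len(fields) == 2 and fields[0].upper() == "A":
            yield owner, ipaddress.ip_address(fields[1])

def reverse_zone(zone_text, origin, network):
    """Return (zone_name, PTR lines) for a /24, one PTR per address."""
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24:
        raise ValueError("this sketch only handles /24 reverse zones")
    zone = net.network_address.reverse_pointer.split(".", 1)[1]
    chosen = {}
    for fqdn, ip in a_records(zone_text, origin):
        # Skip addresses outside this zone; prefer a host name over the
        # zone apex when both map to the same address.
        if ip in net and (ip not in chosen or chosen[ip] == origin):
            chosen[ip] = fqdn
    return zone, [f"{ip.reverse_pointer[:-len(zone) - 1]} IN PTR {chosen[ip]}"
                  for ip in sorted(chosen)]

if __name__ == "__main__":
    print(*reverse_zone(FORWARD_ZONE, "nextwavesys.net.", "192.168.1.0/24")[1], sep="\n")
```

Since this named.conf uses views, the zone statement that loads the resulting file belongs inside view "internal"; named refuses a configuration that mixes views with zone statements outside any view. Placing it there also keeps the internal host names out of the answers given by the external view.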



More information about the bind-users mailing list