TCLUG Archive

Re: [TCLUG:5377] Talk to me a bit about domains...



To make things simple, I'd assign a new domain to your private network,
something like protected.skj.dsl.visi.com.

Make BIND authoritative for the protected.skj.dsl.visi.com domain.  Let's say
the machine's IP is 192.168.1.1

Set up /etc/resolv.conf like this:

search protected.skj.dsl.visi.com skj.dsl.visi.com
nameserver 192.168.1.1

Make BIND be a forwarder, by setting this in your /etc/named.conf

options {
	directory "/var/dns";
	forward only;
	forwarders {
		209.98.98.1;
		206.124.0.33;
	};
};

Make sure you have zone files for your protected domain:

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};
 
zone "protected.skj.dsl.visi.com" {
        type master;
        file "protected.skj.dsl.visi.com";
};
 
zone "1.168.192.IN-ADDR.ARPA" {
        type master;
        file "192.168.1";
};

NOTICE there is no hints zone, aka cache.

This assumes that Vector is answering for the skj.dsl.visi.com domain. This is
how it works.

Your protected machines will query your internal DNS server. If the zone is
cached, the local DNS server will respond; if the zone is not cached, your DNS
server will forward the request to Vector's DNS server to have it answered.

Get it? If not, send me some personal email.


Quoting Scott K. Johnson (skj@visi.com):
> Hello all,
> 
> I'm in the process of setting up some DNS stuff at home.
> 
> I've got a firewall set up, with a static IP address, connected to a
> DSL link.  In that same box, I've got another NIC that is hooked into
> my LAN via a hub.
> 
> My official domain name is: "skj.dsl.visi.com"
> 
> Now, on the internal LAN side of the world, I'm using the 192.168.1.x
> block of IP addresses.
> 
> Where I'm getting confused is with the hostname stuff...
> 
> Can I name the hosts pretty much any hostname.domainname.net, being
> that the real world never sees them??
> 
> Do I give my firewall two different hostnames, one for each interface
> (can that even be done?)?
> 
> If I interact with the internal side of my firewall as
> "skj.dsl.visi.com", how does that affect my internal domain name
> settings, if at all?
> 
> I feel like I'm having one giant brain fart with all this...should be
> easy to figure out right??
> 
> Thanks!!
> 
> Scott K. Johnson
> skj@visi.com

-- 
Bob Tanner <tanner@real-time.com>       | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9
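
Added example (not part of Bob Tanner's message): what the two master zone
files named in the named.conf above could contain. Only 192.168.1.1 and the
zone and file names come from the message; the host names ns and ws1, the
address 192.168.1.10, the hostmaster mailbox, the serial and the timer values
are constructed for illustration.

```dns
; ---- file /var/dns/protected.skj.dsl.visi.com (forward zone) ----
$TTL 86400
@       IN  SOA ns.protected.skj.dsl.visi.com. hostmaster.protected.skj.dsl.visi.com. (
                2000010101  ; serial (constructed; raise on every edit)
                10800       ; refresh
                3600        ; retry
                604800      ; expire
                86400 )     ; minimum
        IN  NS  ns.protected.skj.dsl.visi.com.

ns      IN  A   192.168.1.1     ; the BIND machine from the message
ws1     IN  A   192.168.1.10    ; constructed internal host

; ---- file /var/dns/192.168.1 (reverse zone 1.168.192.IN-ADDR.ARPA) ----
$TTL 86400
@       IN  SOA ns.protected.skj.dsl.visi.com. hostmaster.protected.skj.dsl.visi.com. (
                2000010101  ; serial (constructed)
                10800       ; refresh
                3600        ; retry
                604800      ; expire
                86400 )     ; minimum
        IN  NS  ns.protected.skj.dsl.visi.com.

1       IN  PTR ns.protected.skj.dsl.visi.com.
10      IN  PTR ws1.protected.skj.dsl.visi.com.
```

Because both zones are master on 192.168.1.1, lookups for these names and for
192.168.1.x PTR records are answered locally and are not sent to the
forwarders, so internal host names and private addresses stay on the LAN.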