Re: [clug-talk] BIND Config

[Michael Gale]

Hello,
You should look into running a dual homed system using one of the 
following methods:

1. Run two DNS servers on the same machine, one receiving request from 
the external network and will respond with exteranl IP's only. A second 
server receiving request from the internal network providing internal 
IP's only. Then when the internal DNS server receives a queiry for a 
domain it does not know the answer for, it forwards the reuqest to your 
external instance, which then answers the request using it zone 
information asking a root name server.

2. Run one DNS server and using BIND's ACL's have two different zone 
files and recusion allowed by network or IP address.

Michael

Shawn wrote:
On Saturday 23 April 2005 14:44, Michael Gale wrote:
Firewall settings ?
Michael

I'm trying to do this behind my firewall, so it' shouldn't be in the picute 
(I hope).  This DNS server is for local network use only, and will not be 
available to the Internet.

I have my main server (named SRV - how original is that?? <grins>), which is 
running various services, including BIND.  When I do nslookup from a console 
session on SRV, names get resolved - though if I try to resolve 
"www.open2space.com", I get my external address - not the internal address 
indicated in my zone file.

There are a few workstations on the network - one of them is called "SAGE".  
After I make a change to the bind config on SRV, I modify 
the /etc/resolv.conf file on SAGE to point to SRV's IP address.  Then try to 
resolve names via nslookup/dig, or even just ping - in these cases name 
resolution outright fails - I don't even get the external addresses returned 
to me....

hmmm... maybe the firewall is coming into play here.... It's setup to be a 
caching name server - maybe it's intercepting all traffic on port 53??  This 
sounds plausible, but not likely...  I'll see if I can turn off DNS on the 
firewall anyways... 

Thanks for the suggestion....
Shawn
_______________________________________________
clug-talk mailing list
clug-talk@clug.ca
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
_______________________________________________
clug-talk mailing list
clug-talk@clug.ca
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying