Justin,
You don't need two separate DNS servers to do what you are
talking about. What you want is called SPLIT DNS and it's a
future feature to be added to the TrinityOS doc. Basically,
you run one BIND process for one interface (external interface)
with one specific set of configuration files. Then, you run
another BIND process for the other interface (internal LAN)
with a different set of configuration files.
It ISN'T hard to do but it isn't documented well in the
MAN page, most DNS books, etc. I'll ping a DNS guru buddy
of mine (just wrote a 385 page book on DNS v8.1.x and all its
advanced features) about this and I'll report my findings!
--David
>> I'm doing something bad, and I'm wondering how most people deal with the
>> issue
>>
>> In my DNS configuration files for slootsky.org, I define names for my local
>> addresses. I do this so that machines on my local network can find each
>> other as well as the local address for my linux box.
>>
>> Specifically, in my zone.slootsky.org file I have the lines...
>> kenny.slootsky.org. IN A 192.168.1.1
>> angel.slootsky.org. IN A 192.168.1.2
>> girls.slootsky.org. IN A 192.168.1.3
>>
>> I'm sure (although, I have no way of testing this for sure) that anybody
>> in the outside world who tries to ping angel.slootsky.org will attempt to
>> get to 192.168.1.2, which will NOT end up being my machine.
>>
>> How can I provide DNS resolution for my local network locally,
>> without providing this false DNS information to the rest of the world?
>
>What I do is run a name server on my masquerading box that has the "private"
>view of my domain (it doesn't have to be on your masquerading box, though). It
>has all the records from my regular zone file, plus the internal private
>addresses. I have all of my internal boxes use that box as a name server.
>
>The name server that's meant for the outside world runs on a different box,
>and that's the one that's registered with Internic. The box with my internal
>information should never be queried by anyone on the outside (and I use BIND
>8.1.2's listen-on directive so that it only listens to requests from the
>internal addresses anyway).
>
>Chris Johnson
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>For daily digest info, email [EMAIL PROTECTED]
>
.----------------------------------------------------------------------------.
| David A. Ranch - Remote Access/Linux/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
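
A check that fits the split-DNS setup discussed in this thread, as an added example that is not part of the original messages: before the external BIND instance serves a zone file, scan it for A records that point into RFC 1918 space. The function name and the sample zone text are assumptions made for illustration; the three private records are the ones quoted in the thread, and the public record is constructed.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly: ipaddress's is_private flag also covers
# loopback, link-local and documentation ranges, which is broader than wanted.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of an external zone file: the three records from the
# thread plus one made-up public record (203.0.113.10 is a documentation address).
EXTERNAL_ZONE = """\
; zone.slootsky.org as served to the outside world (constructed sample)
www.slootsky.org.    IN A 203.0.113.10
kenny.slootsky.org.  IN A 192.168.1.1
angel.slootsky.org.  3600 IN A 192.168.1.2   ; internal host
girls.slootsky.org.  IN A 192.168.1.3
"""

def private_a_records(zone_text):
    """Return (owner, address) for each A record pointing into RFC 1918 space.

    Simplification (assumption): every record is on one line and starts with
    its owner name; $ORIGIN, $INCLUDE and multi-line records are not handled.
    """
    leaks = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # strip comment, tokenize
        upper = [f.upper() for f in fields]
        # Accept "name [ttl] [IN] A addr": locate the type token after the owner.
        if "A" not in upper[1:]:
            continue
        idx = upper.index("A", 1)
        if idx + 1 >= len(fields):
            continue                               # type token with no rdata
        try:
            addr = ipaddress.IPv4Address(fields[idx + 1])
        except ipaddress.AddressValueError:
            continue                               # not an IPv4 literal
        if any(addr in net for net in RFC1918):
            leaks.append((fields[0], str(addr)))
    return leaks

if __name__ == "__main__":
    for owner, addr in private_a_records(EXTERNAL_ZONE):
        print(f"private address in external zone: {owner} -> {addr}")
```

Run against the externally served zone file, an empty result means no internal addresses are being published; the internal instance's zone file is expected to contain them.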