On Fri, 11 Sep 1998, Justin Slootsky wrote:
> I'm doing something bad, and I'm wondering how most people deal with the issue
>
> in my dns configuration files for slootsky.org, I define names for my local
> addresses. I do this so that machines on my local network can find each other
> as well as the local address for my linux box.
>
> specifically, in my zone.slootsky.org file I have the lines...
> kenny.slootsky.org. IN A 192.168.1.1
> angel.slootsky.org. IN A 192.168.1.2
> girls.slootsky.org. IN A 192.168.1.3
>
> I'm sure (although, I have no way of testing this for sure) that anybody
> in the outside world who tries to ping angel.slootsky.org will attempt to get
> to 192.168.1.2, which will NOT end up being my machine.
>
> How can I provide DNS resolution for my local network locally,
> without providing this false DNS information to the rest of the world?

Well, the Right Way To Do It is to use two separate DNS servers -- one for
the public Internet, publishing just those names for machines that are
publicly accessible, and another (accessible only from the private LAN)
that publishes all names, both public and private.

That said, there are a number of ways to make do with a single primary
server if that's all you've got. Generally, you want names for all
publicly accessible machines to resolve to the registered Internet
address, *not* the private address. Provided that the routing is set up
properly, the masq code is intelligent enough to figure out that the
private interface should be used for packets arriving from that subnet.

As for the inverse mapping, it's perfectly valid to have more than one PTR
record pointing to the same name, so that both public and private
interfaces on the masq box resolve to the correct name.

As for the private names, it's technically a security breach to publish
them on the Internet, but as a matter of practicality it's unlikely that
anyone would deduce them without inside help.

|Frederick F. Gleason, Jr.|WAVA Radio - 105 FM |Voice: 1-(703)-807-2266 |
| Chief Engineer |1901 N. Moore Street| FAX: 1-(703)-807-2248 |
| |Arlington, VA 22209 | Web: HTTP://www.wava.com|
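
The two-server arrangement described in the reply can be fed from a single master zone file by filtering it. The following is an added example, not part of the original message: it keeps every record for the internal server and drops A records in RFC 1918 space from the copy the public server publishes. The `www` host and its 192.0.2.10 address are constructed sample data, and every record is assumed to carry an explicit owner name, as the lines in the question do.

```python
import ipaddress

# RFC 1918 private ranges; A records in these must not reach the public zone.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the three private records from the question plus one
# hypothetical public host (192.0.2.10 is a documentation address).
SAMPLE_ZONE = """\
; sample zone data
www.slootsky.org.   IN A 192.0.2.10
kenny.slootsky.org. IN A 192.168.1.1
angel.slootsky.org. IN A 192.168.1.2
girls.slootsky.org. IN A 192.168.1.3
"""

def is_private_a_record(line):
    """True if the line is an A record whose address is in an RFC 1918 range."""
    fields = line.split(";", 1)[0].split()      # strip comment, tokenize
    # Look for the type token "A" followed by a parseable IPv4 address, so an
    # owner name that happens to be "a" is not mistaken for the record type.
    for rtype, rdata in zip(fields, fields[1:]):
        if rtype.upper() != "A":
            continue
        try:
            addr = ipaddress.IPv4Address(rdata)
        except ValueError:
            continue
        return any(addr in net for net in RFC1918)
    return False

def split_zone(text):
    """Return (public_lines, internal_lines) from one master zone text."""
    internal = text.splitlines()                # internal server: all names
    public = [l for l in internal if not is_private_a_record(l)]
    return public, internal

def leaked_names(text):
    """Owner names that would expose private addresses if published as-is."""
    return [l.split()[0] for l in text.splitlines() if is_private_a_record(l)]

if __name__ == "__main__":
    public, internal = split_zone(SAMPLE_ZONE)
    print("public zone:", *public, sep="\n  ")
    print("withheld from public:", ", ".join(leaked_names(SAMPLE_ZONE)))
```
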