You would need split DNS. Have one DNS server that contains your 
external addresses. Also configure this DNS server to forward to your 
ISP's DNS server. Then have another DNS server that contains your 
internal addresses. Then configure this server to forward to your 
external DNS server (or your ISP's). Now point all your DNS clients to 
the internal server. Thus, all internal addresses are resolved directly 
and non-local queries are resolved by either your external DNS server's 
cache or your ISP's DNS server's cache, and so on... (eventually you 
could end up at the primary DNS server for that domain).

Thus, internal users will get the internal address UNLESS it is not 
defined in the internal DNS server, in which case the internal DNS server will 
query one of its forwarders for the address, and so on. This is actually 
how a non-cached DNS request is eventually resolved anyway. (It may take 
several DNS servers to finally obtain the address, but this all happens 
sub-second... er, well, hopefully it does.) Large ISPs like Pac Bell tend 
to have overworked DNS servers.

I have run this setup in many companies. I have also run a 'three-tier' 
DNS scheme for a large development environment wherein QA had a slew of 
custom entries, etc. The key is how you configure your forwarders.

Another 'sketchy' approach is to configure one internal DNS server that 
has no forwarders and then configure each client with that server's IP 
address as the primary DNS server and your ISP's DNS server's IP address 
(or your external DNS server's) as the secondary. This will result in a 
short delay for non-internal requests.

I hope this is worded correctly, I can picture the setup in my head but 
I am low on sleep and I ate a big lunch. =)


Hope this helps. I can post conf files if you need further help, but the 
O'Reilly DNS book is pretty accurate (with the exception of version 9 features).

-Chuck

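The two-server forwarder layout Chuck describes above (and the "add zones to /etc/named.conf, add zone files under /var/named" steps Rodolfo lists in the quoted thread below), written out as BIND configuration. This is an added example, not a conf file from the original posts: the server addresses (10.0.0.53 inside, 203.0.113.53 outside), the ISP resolver (198.51.100.1), the secondary (203.0.113.54) and the mail host addresses are placeholders, and the 10.0.0.0/8 LAN range is assumed. The zone name and the `mail.varsitycontractors.com` host come from Lee's message; the point is that the same name carries a private A record in one copy of the zone and a public one in the other.

```conf
// ---------- INTERNAL server: /etc/named.conf (assumed address 10.0.0.53) ----------
options {
    directory "/var/named";
    // Only the LAN (assumed 10.0.0.0/8) may query this server or recurse through it.
    allow-query     { 10.0.0.0/8; 127.0.0.1; };
    allow-recursion { 10.0.0.0/8; 127.0.0.1; };
    // Anything we are not authoritative for is handed to the external server,
    // which in turn forwards to the ISP.  "forward only" keeps this box from
    // ever talking to the Internet itself.
    forwarders { 203.0.113.53; };
    forward only;
};

// Internal copy of the zone: answers with private addresses.
zone "varsitycontractors.com" {
    type master;
    file "internal/varsitycontractors.com.zone";
    allow-transfer { none; };
};

; ---------- INTERNAL zone file: /var/named/internal/varsitycontractors.com.zone ----------
$TTL 86400
@       IN  SOA ns1.varsitycontractors.com. hostmaster.varsitycontractors.com. (
                2002041001 ; serial (YYYYMMDDnn)
                3600       ; refresh
                900        ; retry
                604800     ; expire
                86400 )    ; negative-cache TTL
        IN  NS  ns1.varsitycontractors.com.
        IN  MX  10 mail.varsitycontractors.com.
ns1     IN  A   10.0.0.53
mail    IN  A   10.0.0.25      ; same name as outside, private address inside (assumed)

// ---------- EXTERNAL server: /etc/named.conf (assumed address 203.0.113.53) ----------
options {
    directory "/var/named";
    // The public zone must be answerable by anyone ...
    allow-query { any; };
    // ... but recursion is only for the internal server and the box itself;
    // without this line the host is an open resolver for the whole Internet.
    allow-recursion { 10.0.0.53; 127.0.0.1; };
    // Non-local names go to the ISP's resolver (assumed 198.51.100.1).
    forwarders { 198.51.100.1; };
};

// External copy of the same zone: public addresses only, no 10.x records.
zone "varsitycontractors.com" {
    type master;
    file "external/varsitycontractors.com.zone";
    allow-transfer { 203.0.113.54; };   // assumed secondary; never { any; }
};

; ---------- EXTERNAL zone file: /var/named/external/varsitycontractors.com.zone ----------
$TTL 86400
@       IN  SOA ns1.varsitycontractors.com. hostmaster.varsitycontractors.com. (
                2002041001 3600 900 604800 86400 )
        IN  NS  ns1.varsitycontractors.com.
        IN  MX  10 mail.varsitycontractors.com.
ns1     IN  A   203.0.113.53
mail    IN  A   203.0.113.25   ; same name, public address (assumed)
```

To check it after restarting named on both boxes: from a LAN client, `dig @10.0.0.53 mail.varsitycontractors.com A` should return 10.0.0.25 and `dig @10.0.0.53 www.redhat.com A` should still resolve (via the external server's forwarder chain); `dig @203.0.113.53 mail.varsitycontractors.com A` should return 203.0.113.25; and a query for some outside name sent to 203.0.113.53 from a host that is not 10.0.0.53 should not get a recursive answer, which confirms the `allow-recursion` list is doing its job. Keep the two serials in step whenever you edit either copy, since it is easy to update one and forget the other. If getting two named processes onto one machine is the sticking point, BIND 9's `view` statement with `match-clients` lets a single daemon serve both copies of the zone; the layout above is the two-host version Chuck describes.
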
Lee Griffin wrote:

> Thank you Rodolfo and Ross for your help. Unfortunately it is not that easy. My 
> internal and external host names need to be the same. Thus, in order for my local 
> users to access our mail server, mail.varsitycontractors.com, DNS must map to a 
> private 10.x.x.x, while my remote users will need DNS to map them to a public IP via 
> the same hostname. I'm told I need split DNS, but I'm having trouble getting it to 
> work. For example, I can't get more than one named daemon to run. If anybody has 
> detailed info on how to do this, or if there is a better way, I would greatly 
> appreciate it. Thanks again for your help so far.
> 
> ---------- Original Message ----------------------------------
> From: "Rodolfo J. Paiz" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date:  Tue, 09 Apr 2002 16:56:22 -0600
> 
> 
>>At 4/9/2002 04:11 PM -0600, you wrote:
>>
>>>I have RH 7.0 setup as a local DNS server for my network. I would like to 
>>>set it up to serve public addresses as well. What's the easiest way to do 
>>>this? Thanks.
>>>
>>Not difficult at all.
>>
>>0. Ensure that your DNS server software is patched,
>>   up-to-date, and has no known vulnerabilities.
>>1. Add zones to /etc/named.conf.
>>2. Add zonefiles in the right place, usually /var/named.
>>3. Allow traffic from the outside world to your DNS server.
>>
>>
>>-- 
>>Rodolfo J. Paiz
>>[EMAIL PROTECTED]
>>
>>
>>
>>_______________________________________________
>>Redhat-list mailing list
>>[EMAIL PROTECTED]
>>https://listman.redhat.com/mailman/listinfo/redhat-list
>>
>>
> 
> 
> 
> 
> 