>>>>> "Graeme" == Graeme Robinson <[EMAIL PROTECTED]> writes:
Graeme> On 29 Jan 2003, Karl Bowden wrote:
>> I have a server and two workstations and was wondering what the
>> easiest way is to set up BIND and a DNS caching server? I haven't a
>> clue where to start. All I know is that I am on dialup, and want to
>> be able to point the workstations at the server as their DNS
>> server.

Graeme> configuring BIND is not for the faint-hearted. Understanding
Graeme> and correctly applying the principles of DNS is even a more
Graeme> daunting task. I recommend you not try but use a distribution
Graeme> that preconfigures what you require without a detailed
Graeme> knowledge of BIND and DNS.

It's not *that* bad.

What you're after (I think) is split-horizon DNS.

On your firewall, you set up a standard bind9 daemon that's
authoritative only for localhost and 127.in-addr.arpa., listens only
on internal addresses, and forwards all other requests to your ISP's
nameservers. /etc/resolv.conf on the firewall points to your internal
DNS server (*inside* the firewall).

The internal server (which all your trusted machines use to resolve
addresses) is authoritative for the usual localhost and
127.in-addr.arpa. and for your local network names. It forwards all
other requests to the DNS server on your firewall.

You *do* have a firewall, don't you?

The aim is that people outside your network can't see your names or
addresses; but any trusted machine (i.e., on your LAN) can see your
names and addresses.

It's all covered in the O'Reilly book if you want the gory details.

PeterC
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
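
The two-server layout described in the message above, sketched as a pair of bind9 named.conf files (an added example, not part of the original post). Every address, the "lan.example" zone name, the file names and the directory are assumptions; "forward only" and the allow-query/allow-recursion limits are choices made here, not something the message specifies.

```conf
// ===== File 1: named.conf on the FIREWALL (assumed internal address 192.168.1.1) =====
acl "lan" { 127.0.0.0/8; 192.168.1.0/24; };      // assumed LAN range

options {
    directory "/var/cache/bind";                 // assumed path
    listen-on { 127.0.0.1; 192.168.1.1; };       // internal addresses only, never the dialup interface
    listen-on-v6 { none; };
    allow-query     { "lan"; };                  // refuse anything that is not from the LAN
    allow-recursion { "lan"; };
    forward only;                                // hand every other name to the ISP, no own iteration
    forwarders { 192.0.2.53; 192.0.2.54; };      // placeholders for the ISP's nameservers
};

// Authoritative only for the loopback zones; no local names live here.
zone "localhost"        { type master; file "db.local"; };
zone "127.in-addr.arpa" { type master; file "db.127"; };

// /etc/resolv.conf on the firewall: nameserver 192.168.1.2  (the internal server)

// ===== File 2: named.conf on the INTERNAL server (assumed address 192.168.1.2) =====
acl "lan" { 127.0.0.0/8; 192.168.1.0/24; };

options {
    directory "/var/cache/bind";
    listen-on { 127.0.0.1; 192.168.1.2; };
    listen-on-v6 { none; };
    allow-query     { "lan"; };
    allow-recursion { "lan"; };
    allow-transfer  { none; };                   // local zone contents are not handed out in bulk
    forward only;
    forwarders { 192.168.1.1; };                 // everything non-local goes via the firewall
};

zone "localhost"        { type master; file "db.local"; };
zone "127.in-addr.arpa" { type master; file "db.127"; };

// Local network names and their reverse mappings (hypothetical zone names).
zone "lan.example"            { type master; file "db.lan.example"; };
zone "1.168.192.in-addr.arpa" { type master; file "db.192.168.1"; };
```

Each file can be syntax-checked with `named-checkconf` before reloading; querying a local name against the firewall's address should return no local data, while the same query against the internal server resolves.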
