view function of Bind 9

Les Mikesell lesmikesell at gmail.com
Mon Apr 2 12:59:08 UTC 2007


edwardspl at ita.org.mo wrote:
> Les Mikesell wrote:
> 
>> edwardspl at ita.org.mo wrote:
>>
>>>> Is your server the official public server for a registered domain name?
>>>> If not, you just want to provide only the private addresses for the
>>>> names even though you configure the server to be primary for the zone.
>>>> Some other server (or service) may be providing public dns with the
>>>> names of any machine you want to be available from the internet and the
>>>> corresponding public addresses. Even though named can do both at once I
>>>> find it easier to run it on different machines and point local clients
>>>> at the one with the private addresses.
>>>>
>>> Yes, the domain name is registered...
>>> So, how can I config the DNS ?
>>
>> I have always pointed the public registration at a different server
>> than the one used by internal machines behind the NAT so I can't help
>> with configuring views on a single server, although I believe it is
>> supposed to be supported. These directions might work:
>> http://www.openaddict.com/bind9_views_for_dns_zones.html
>>
>>
>> Some other responses have mentioned letting the NAT router do it for
>> you by adjusting the address on responses to outside queries. Some
>> routers do have that capability (I think the Cisco PIX is one), but
>> not all can do it and the configuration would be specific to the type.
>>
> Hello,
> 
> Sorry, I don't quite understand your meaning...

For a small site, the easy way is to let some outside service handle
public DNS for you.  You will probably only have a few addresses that
need to be included in the public view and you really should have two
DNS servers registered in the public system anyway.  Often the service
that provides the domain registration service will also offer to serve
your zones.  That takes care of the public side seeing the public
addresses.   Then you set up your own private DNS server inside the NAT
to run as a caching server but primary for your own domain and use it
from your local machines.  Even though it isn't the registered primary
server it will respond with the configured private addresses for your
own domain and get the rest from public DNS.

If you have a larger site you can still use this approach.  Just use
different DNS servers for the ones registered into the public system
than the ones you use for your internal machines that want the private
addresses.

-- 
  Les Mikesell
   lesmikesell at gmail.com
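
The internal server described in the message above, as an added named.conf example that is not part of the original post: a caching resolver that is also primary for the site's own zone and answers only LAN clients. The domain example.com, the 192.168.1.0/24 network, the server address 192.168.1.2, the host names and the file names are all assumptions chosen for illustration.

```conf
// named.conf for the INTERNAL server only (constructed example).
// Assumed values: example.com, 192.168.1.0/24, 192.168.1.2, file names.

acl "internal" { 127.0.0.0/8; 192.168.1.0/24; };

options {
    directory "/var/named";
    listen-on { 127.0.0.1; 192.168.1.2; };  // private interface only
    recursion yes;                           // cache answers for everything else
    allow-query     { "internal"; };         // LAN clients only
    allow-recursion { "internal"; };         // never act as an open resolver
    allow-transfer  { none; };               // private zone data stays inside
};

// Root hints so the cache can resolve names outside example.com.
zone "." IN {
    type hint;
    file "named.ca";                         // assumed hints file name
};

// Primary for our own domain, but only as seen from inside the NAT.
// The registered public servers carry a separate zone with public addresses.
zone "example.com" IN {
    type master;
    file "example.com.internal.zone";
};

/* Contents of /var/named/example.com.internal.zone (private addresses only):

$TTL 3600
@     IN SOA ns.example.com. hostmaster.example.com. (
          2007040201 ; serial
          3600       ; refresh
          900        ; retry
          604800     ; expire
          3600 )     ; negative-cache TTL
      IN NS  ns.example.com.
ns    IN A   192.168.1.2
www   IN A   192.168.1.10
mail  IN A   192.168.1.11
*/
```

Because this server treats itself as authoritative for the zone, any name that exists only in the public zone must also be added here, or internal clients will get a "no such name" answer for it.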



