Setting up DNS; Internet and Intranet questions
David L. Gehrt
dlg at inanity.net
Tue May 27 18:01:12 UTC 2008
<snip>
For what it is worth here is how my domain (inanity.net) is set up. I
have a DSL connection to my firewall/gateway, a Linux box running
Arno's firewall which does NAT. This system is also the master name
server for the inanity.net zone and the ultimate default gateway for the
systems inside the firewall/gateway. The firewall/gateway machine is
dual homed. One address is the static one from SBCGlobal and the other
interface is on the 192.168.2.0/24 internal network.
Inside the gateway is my mail hub, a network attached storage device, an
HP network printer, a WRT310n wireless router and a WRT56g wireless
router. All these devices are wired into a Netgear 8 port switch.
These devices all have addresses on the 192.168.2.0/24 internal network.
There are three wireless laptops: two have 802.11b/g interfaces
and one has 802.11b/g/n. The WRT310n router joined the mess early
this morning when I got the Talisman 1.3.5 firmware installed on both
wireless routers. The internal wireless address is 192.168.1.0/24, but
each router uses a different block of DHCP addresses.
DNS on this mess: The firewall gateway as the master DNS server runs
split DNS. The split is internal and external. The external zone file
only has an A record for the firewall/gateway machine. It has an MX
record for the domain which directs the mail to the gateway which then
shuffles it off to the mail machine. I should have used port forwarding
but this was the set up when I had a flat and less DNS experience, say
around 1990.
There are two external slave DNS servers. These only get the data for
the exterior zone.
Here is the guts of my named.conf file. I have removed a lot of
extraneous material, logging info, comments, but I have left the
important stuff. Two points. There are three internal DNS servers.
One each on the wireless routers, and one on the mail system. These are
slave servers, not caching only DNS servers. I now have to deal with
DDNS, because until a few minutes ago my entire DNS used static IPs.
Now the wireless laptops can move freely between the routers, with
their separate DHCP address spaces. There are many ways to handle this,
it is just new to me, and I was up all night wrestling with router
firmware upgrades.
Remember BIND is worse than any English teacher. Watch for the missing
';' and ALWAYS verify that named is running. Any error will keep named
from running -- logs and rndc(8) are your friends.
Oh, I almost forgot -- serial numbers in zone files MUST increase with
each modification to a zone file or the new data will not replace
previous data. I ran a big DNS environment, 10000+ DNS resource
records, 1 master and 2 slave servers. Zone file serial numbers are 10
characters long. We used YYYYMMDDNN. YYYY 4 digit year, MM month, DD
day and NN changes per day. Retired, I have never needed 2 digits for
NN, but old habits...
dlg
David L. Gehrt
1865 Wilding Lane
San Luis Obispo, CA 93401
------------------------------------------------------------------------
options {
.
.
.
};
//
logging {
.
.
.
};
//
// Views are tried in the order they appear; the first view whose
// match-clients list matches the querying address wins, so the
// internal view has to come before the catch-all external one.
view "internal" {
    match-clients {
        127/8;
        192.168.2/24;
        192.168.1/24;
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    //
    include "/etc/named.rfc1912.zones";
    //
    zone "inanity.net" {
        type master;
        file "internal/inanity.net";
        // Transfers of the internal data only to the inside networks
        // (the slaves on the wireless routers and the mail system).
        allow-transfer {
            192.168.2/24;
            192.168.1/24;
        };
    };
    //
    zone "1.168.192.in-addr.arpa." {
        type master;
        file "internal/rev1.inanity.net";
        allow-transfer {
            192.168.2/24;
            192.168.1/24;
        };
    };
    //
    zone "2.168.192.in-addr.arpa." {
        type master;
        file "internal/rev2.inanity.net";
        allow-transfer {
            192.168.2/24;
            192.168.1/24;
        };
    };
    //
};
//
// Everything that did not match the internal view, i.e. the Internet,
// only ever sees the external zone file (the gateway's A record and the MX).
view "external" {
    match-clients { any; };
    zone "inanity.net" {
        type master;
        file "external/inanity.net";
        allow-transfer {
            xxx.xxx.xxx.x; // external name server
            xxx.xxx.xxx.x; // external name server
        };
    };
};
------------------------------------------------------------------------
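As an added example for the serial-number rule in the post (this is not David Gehrt's own tooling), a small Python helper that advances a YYYYMMDDNN serial so it stays strictly increasing even in the edge cases (more than 100 changes in one day, a clock set backwards) and applies the RFC 1982 comparison a slave uses to decide whether to transfer. It assumes the common multi-line SOA layout; the zone fragment is constructed, not the post's real file.

```python
import datetime
import re

SERIAL_MODULUS = 2 ** 32  # SOA serial is an unsigned 32-bit field
# First number after "SOA ... (" is the serial; assumes the usual multi-line
# SOA layout and refuses to guess otherwise.
SOA_SERIAL_RE = re.compile(r"(\bSOA\b[^(]*\(\s*)(\d+)", re.S)

# Constructed sample zone fragment in the post's YYYYMMDDNN style.
SAMPLE_ZONE = """\
$TTL 86400
@   IN  SOA ns.inanity.net. dlg.inanity.net. (
        2008052701 ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire
        86400 )    ; minimum
    IN  NS  ns.inanity.net.
"""

def next_serial(current, today_iso):
    """Next YYYYMMDDNN serial strictly greater than `current`.
    First change of a day gets YYYYMMDD00. If `current` is already at or past
    today's base (NN ran over 99, or the clock went backwards) we add one:
    slaves compare serials, they never parse the date out of them."""
    today = datetime.date.fromisoformat(today_iso)  # validates the date
    base = int(today.strftime("%Y%m%d")) * 100
    candidate = base if current < base else current + 1
    if candidate >= SERIAL_MODULUS:
        raise ValueError("serial no longer fits in 32 bits")
    return candidate

def serial_is_newer(new, old):
    """RFC 1982 serial arithmetic: the comparison a slave applies to the
    master's SOA to decide whether to transfer the zone at all."""
    diff = (new - old) % SERIAL_MODULUS
    return 0 < diff < 2 ** 31

def read_serial(zone_text):
    m = SOA_SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial found")
    return int(m.group(2))

def bump_zone_serial(zone_text, today_iso):
    """Return (new_zone_text, new_serial) with the SOA serial advanced."""
    new = next_serial(read_serial(zone_text), today_iso)
    text = SOA_SERIAL_RE.sub(lambda m: m.group(1) + str(new), zone_text, count=1)
    return text, new
```

Run `named-checkzone` on the rewritten file before reloading; a serial that did not move is the usual reason slaves silently keep stale data.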