Bind ip alias
Cowles, Steve
steve at stevecowles.com
Sun May 23 22:03:48 UTC 2004
Mark Lowe wrote:
> Hello
>
...[snip]
> How to I get things so to the outside world hosteddomain.com
> is the real ip and to the server its the aliased one?
...[snip]
Are you sure you're not wanting (asking how) to implement bind views? i.e.
-----------------------------------------------
# cat /var/named/internal/db.maindomain
; Zone data for clients that match the "internal" view in named.conf:
; every name below resolves to the private address 10.0.0.10.
$ttl 38400
; NOTE(review): the SOA record is split across two lines before the opening
; parenthesis, probably by mail wrapping. A record may only span lines inside
; parentheses, so in a real file the admin mailbox and "(" belong on the
; "@ IN SOA" line.
@ IN SOA mainhost.maindomain.com.
root.mainhost.maindomain.com. (
1084742277 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
38400 ) ; minimum (negative-caching TTL)
; NOTE(review): named.conf loads this file for zone "maindomain.com", yet the
; records are for hosteddomain.com. Presumably the example mixes the two
; domain names; confirm that the zone name and the owner names agree,
; otherwise named treats these records as out-of-zone data.
hosteddomain.com. IN NS ns.maindomain.com.
www.hosteddomain.com. IN A 10.0.0.10
ftp.hosteddomain.com. IN A 10.0.0.10
; NOTE(review): no trailing dot on the next owner name, so it is relative to
; the zone origin and expands to mail.hosteddomain.com.<origin>. Add the dot
; if the absolute name is intended.
mail.hosteddomain.com IN A 10.0.0.10
hosteddomain.com. IN A 10.0.0.10
-----------------------------------------------
# cat /var/named/external/db.maindomain
; Zone data for clients that match the "external" view in named.conf:
; every name below resolves to the public address 4.5.6.10.
$ttl 38400
; NOTE(review): the SOA record is split across two lines before the opening
; parenthesis, probably by mail wrapping. A record may only span lines inside
; parentheses, so in a real file the admin mailbox and "(" belong on the
; "@ IN SOA" line.
@ IN SOA mainhost.maindomain.com.
root.mainhost.maindomain.com. (
1084742277 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
38400 ) ; minimum (negative-caching TTL)
; NOTE(review): named.conf loads this file for zone "maindomain.com", yet the
; records are for hosteddomain.com. Presumably the example mixes the two
; domain names; confirm that the zone name and the owner names agree,
; otherwise named treats these records as out-of-zone data.
hosteddomain.com. IN NS ns.maindomain.com.
www.hosteddomain.com. IN A 4.5.6.10
ftp.hosteddomain.com. IN A 4.5.6.10
; NOTE(review): no trailing dot on the next owner name, so it is relative to
; the zone origin and expands to mail.hosteddomain.com.<origin>. Add the dot
; if the absolute name is intended.
mail.hosteddomain.com IN A 4.5.6.10
hosteddomain.com. IN A 4.5.6.10
-----------------------------------------------
#cat /etc/named.conf
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
statistics-file "/var/log/named/named.stats";
dump-file "/var/log/named/named.dump";
zone-statistics yes;
// Listen ONLY on the following interfaces
listen-on { 127.0.0.1 ; 10.0.0.10; };
...[snip]
};
acl "trusted-nets" {
10.0.0.0/24;
127.0.0.1;
};
...[snip]
view "internal" in {
//Only allow trusted nets to query this view
match-clients { trusted-nets; };
// Enable recursion for this view
recursion yes;
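// Fill the additional section of answers from other authoritative zones and
// from the cache. Both are the defaults; named only honours a "no" setting
// for these two options in a view that also sets "recursion no".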
additional-from-auth yes;
additional-from-cache yes;
// Load the "root" (hints) zone
zone "." in {
type hint; // Zone is of type hint
file "root.cache"; // Specify the root filename
};
// Load the internal 127.0.0 reverse zone
zone "0.0.127.in-addr.arpa" in {
type master; // Zone is a master
allow-transfer { none; }; // Do not allow zone transfers
allow-query { any; }; // Allow anyone to query zone
file "internal/db.127.0.0"; // Load internal zone file
};
// Load the internal maindomain.com zone
zone "maindomain.com" in {
type master; // Zone is a master
notify yes; // Send notifies?
file "internal/db.maindomain"; // Load zone file
};
...[snip]
};
view "external" in {
//Allow anyone to query this view
match-clients { any; };
// Disable recursion for this view
recursion no;
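// Answer only from this view's own zones: do not use other authoritative
// zones or the cache to fill in additional data. These two options take
// effect only together with "recursion no" above.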
additional-from-auth no;
additional-from-cache no;
// Load the "root" (hints) zone
zone "." in {
type hint; // Zone is of type hint
file "root.cache"; // Specify the root filename
};
// Load the external maindomain.com zone
zone "maindomain.com" in {
type master; // Zone is a master
notify yes; // Send notifies?
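allow-query { any; }; // Allow anyone to query zone
// NOTE: no allow-transfer is shown for this zone. Unless the snipped options
// block restricts it, BIND releases of this era allow zone transfers to any host.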
file "external/db.maindomain"; // Load zone file
};
...[snip]
};
# cat /etc/resolv.conf
search maindomain.com
nameserver 127.0.0.1
...[snip]
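At least that's what I do at this end. Using the above example, any host on
your lan configured to use this DNS server, along with the server itself
(127.0.0.1), would get the 10.0.0.10 address. A query to your DNS server
originating from the internet would get the 4.5.6.10 address. (This depends
on named seeing the real source address of each query: match-clients picks
the view by source IP, so a gateway that rewrites the source of forwarded
queries to a 10.0.0.0/24 address would put internet clients in the internal
view, with recursion enabled.) FWIW: I configure my apache virtual hosts to
reference the internal ip address like what you posted.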
Steve Cowles