Subject: Re: Primary-Secondary DNS Issue
From: Mike Tibor (tibor@lib.uaa.alaska.edu)
Date: Wed Oct 02 2002 - 09:57:44 AKDT
On Wed, 2 Oct 2002 bthundereagle@aidea.org wrote:
> That sounds good, how can I check to see if my Internal DNS server is
> set up to do that? Because I am almost certain it isn't unless it is
> an automatic thing. And what are you doing up so late anyways?
In named.conf you'll need a forwarders section. It should look something
like this:
options {
    [...]
    forwarders {
        <firewall ip>;
    };
};
On my home network I keep things simple and just run a single dns server
on my firewall. Named doesn't care what's private and what's not--it only
cares about zonefiles and whether your syntax is correct. You can run
both private and public dns on the same box, just use different zonefiles
for each.
Here's a simple example named.conf:
=============
options {
    directory "/etc/namedb";
};

// root hints
zone "." {
    type hint;
    file "named.root";
};

// reverse for localhost
zone "0.0.127.in-addr.arpa" {
    type master;
    file "localhost.rev";
};

// here's a domain we host
zone "example.com" in {
    type master;
    file "example.com";
};

// here's our private net
zone "mystuff.home" in {
    type master;
    file "mystuff.home";
};

// reverse for our private net
zone "0.168.192.in-addr.arpa" in {
    type master;
    file "192.168.0";
};
=============
This is assuming you're running bind 8. You can also use something called
"views" in bind 9 which would allow you to hide your internal dns info
from any queries coming into your firewall from the outside.
Mike
-- 
Mike Tibor           Univ. of Alaska Anchorage    (907) 786-1001 voice
Network Technician   Consortium Library           (907) 786-6050 fax
tibor@lib.uaa.alaska.edu   http://www.lib.uaa.alaska.edu/~tibor/
http://www.lib.uaa.alaska.edu/~tibor/pgpkey for PGP public key
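
The BIND 9 "views" arrangement mentioned in the message, sketched here as an added example (it is not part of the original post or the poster's own configuration). It reuses the zone names and zone files from the named.conf above; the ACL name "internal", the view names, and the 192.168.0.0/24 client range are assumptions.

```conf
// Added example: BIND 9 split-horizon layout using views.
// Assumption: internal clients live in 192.168.0.0/24 (taken from the
// reverse zone above) and the ACL/view names are illustrative.
acl "internal" {
    127.0.0.1;
    192.168.0.0/24;
};

options {
    directory "/etc/namedb";
};

// Views are matched in order, so the restrictive one comes first.
// Once any view is defined, every zone must live inside a view.
view "internal" {
    match-clients { "internal"; };
    recursion yes;              // inside hosts may resolve anything

    zone "." { type hint; file "named.root"; };
    zone "0.0.127.in-addr.arpa" { type master; file "localhost.rev"; };
    zone "example.com" { type master; file "example.com"; };
    zone "mystuff.home" { type master; file "mystuff.home"; };
    zone "0.168.192.in-addr.arpa" { type master; file "192.168.0"; };
};

// Everyone else sees only the public zone and gets no recursion,
// so the private names and the reverse map are never served outside.
view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" { type master; file "example.com"; };
};
```

Running named-checkconf on the file before reloading catches a zone left outside a view, and a query for mystuff.home from an outside address should come back REFUSED.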