[ale] another DNS question...

Ken Nagorski kenn at pcintelligent.com
Wed Oct 31 15:24:05 EST 2001


Hi there, 

OK, this is kind of confusing. You have an internal network. How does it
connect to the outside world? Actually, who cares? Look, the box that runs
DNS is connected to the outside and inside networks, right? So you run one
named process. It has the zonefile for localdom.com or whatever you want
to add. It also responds to queries for things like slashdot.org. I don't
see what the problem with that is. Why wouldn't it work? Yes, someone could
query your box and get the IP address of the internal box or whatever, but
if you use iptables then what is the big deal?

Thanks
Ken



 On Wed, 31 Oct 2001, Robert Heaven wrote:

> Come to think of it, I actually made this work on a WinBlows box... Let me see if I can remember...
> 
> 1. The external NIC was set up with DHCP and would pick up the default route from there.
> 
> 2. The internal NIC was set up with static IP and NO default route
> 
> 3. After bootup I had a bat file that put in a static route to the internal net
> 
> 4. I also had to use statically defined DNS with the internal DNS as the primary and the external as secondary.
> That way the internal DNS would very quickly reply back with a negative answer for external lookups. (the
> external would search the entire internic list before giving up)
> 
> Now the question is how to translate that into UNIX.
> 
> 1. Check your routing tables (netstat -r -n) and make sure you don't have multiple default routes. If you do,
> change the config on the internal NIC to not have a default route.
> 
> 2. If you don't have a static route to the internal net, put a "route add" in the /etc/rc.d/rc.local file.
> 
> 3. Put the internal DNS in the list first and remove the "search" line.
> 
> Let me know if that works.
> 
> John Wells wrote:
> 
>  Well, there's no real external domain here.  I just
> want to be able to look up sites like www.slashdot.org
> or www.cnn.com and also look up partial internal
> hostnames like mytestbox (or
> mytestbox.mytestdomain.com).
> Thanks,
> John
> --- Robert Heaven <robertheaven at mediaone.net> wrote:
> 
>  did you try:
>     search  testdomain.com  externaldomain.com
> John Wells wrote:
> 
> I'm trying to get a machine set up that has two NICs, one to internal
> network and one to external network. I want to be able to use the
> internal net's DNS server to resolve internal DNS queries, and the
> external net's DNS server to resolve external queries.  The
> internal net's domain is testdomain.com.
> So, if I set up /etc/resolv.conf to be:
> search testdomain.com
> nameserver 198.153.233.8 ;internal 
> nameserver 38.2.3.4 ; external
> nameserver 38.2.3.5 ; external
> Hosts resolve on the internal net but not on the
> external one.
> If I set up /etc/resolv.conf to be:
> search testdomain.com
> nameserver 38.2.3.4 ; external
> nameserver 38.2.3.5 ; external
> nameserver 198.153.233.8 ;internal 
> then hosts resolve on the external (ex.
> www.slashdot.org) but not the internal.
> Is there no way to have both resolve?  Will I have to change the
> internal server to provide information on external hosts?  I've tried
> a number of different configurations but can't seem to get one to work.
> Thanks in advance,
> John
> __________________________________________________
> Do You Yahoo!?
> Make a great connection at Yahoo! Personals.
> http://personals.yahoo.com
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
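
Added example, not part of the thread: a BIND named.conf for the single-named setup described in the reply above, with the internal zone and recursion limited to the inside network so that outside hosts cannot read internal records or use the box as an open resolver. The /24 range, the directory and file names, and the use of 198.153.233.8 as the box's inside address are assumptions.

```conf
// Added example. Assumptions: the inside network is 198.153.233.0/24
// (only the address 198.153.233.8 appears in the thread), that address
// belongs to the inside interface of the DNS box, and all file names
// below are placeholders.

acl "inside" {
    127.0.0.1;
    198.153.233.0/24;            // assumed internal range
};

options {
    directory "/var/named";      // assumed location of zone files

    // Bind only to loopback and the inside interface, so named does not
    // answer on the outside NIC at all.
    listen-on { 127.0.0.1; 198.153.233.8; };

    // Second layer: even if a query arrives some other way, answer and
    // recurse only for inside clients.
    allow-query     { "inside"; };
    allow-recursion { "inside"; };
    allow-transfer  { none; };   // no zone transfers to anyone
};

// Root hints let named resolve external names (www.slashdot.org etc.)
// by recursion on behalf of inside clients.
zone "." {
    type hint;
    file "named.ca";             // placeholder file name
};

// Authoritative data for the internal domain from the thread.
zone "testdomain.com" {
    type master;
    file "db.testdomain.com";    // placeholder file name
    allow-query { "inside"; };
};

// Clients then need a single server in /etc/resolv.conf:
//   search testdomain.com
//   nameserver 198.153.233.8
```

A packet filter rule on the outside interface that drops inbound traffic to port 53 covers the same exposure at the network layer; the ACLs above keep the restriction in place if the filter is ever flushed or misconfigured.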





