Local subnet with public domain?

08/03/2006, 16h31

Hi,

I'm just getting the basics of DNS, by working through the
Linux-DNS-Howto. I have a 192.168 subnet behind a NAT-router and a
public domain, whose DNS, mail and web server are hosted at an external
company (let's say it is domain.com, which is actually not true, of
course). I would like to use this domain name also in my internal
network. First to avoid ugly domain.invalid names, second to learn DNS
better.

So my first question will I run into trouble, when I just want to
configure a local bind9 server, to resolve my local names in my 192.168
subnet, when at the same time I also want correct resolution for the
external servers www.domain.com, mail.domain.com?

Do I need different "views" to achieve my goal? At the moment I don't
know what "view" actually means, I just got this term from a FAQ to a
related question.

My local bind will not be authorative for the complete domain, as I
can't influence the externally hosted servers and IP. What do I have to
tell my bind, to handle this situation?

Thanks in advance for your . Any pointers to docs, which handle my
special problem are welcome.

Ciao
Siegbert

08/03/2006, 17h45

Begin <440f06f6$1@news.uni-ulm.de>
On 2006-03-08, Siegbert Baude <siegbert.baude@gmx.de> wrote:
> So my first question will I run into trouble, when I just want to
> configure a local bind9 server, to resolve my local names in my 192.168
> subnet, when at the same time I also want correct resolution for the
> external servers www.domain.com, mail.domain.com?

Rememer that domains are hierarchical. So with your example.com
registered and hosted somewhere, you could simply setup a
home.example.com with all the local names in them. Then on the local
machines, set the searchpath to home.example.com for lazy typing.

> Do I need different "views" to achieve my goal? At the moment I don't
> know what "view" actually means, I just got this term from a FAQ to a
> related question.

Views allow you to split up what you're showing different parts of
the network. With it, you can do something like this: requests coming
in from ``local'' get answers from the full zone, and requests from
``elsewhere'' get answers while only looking at the external zone.

> My local bind will not be authorative for the complete domain, as I
> can't influence the externally hosted servers and IP. What do I have to
> tell my bind, to handle this situation?

In the hierarchical case, you could opt to tell the authoritative
servers for example.com where to look for home.example.com. Since it is
a local-only zone with private addresses and no use for anyone else,
you can skip that step. You then simply tell the local dns that it is
authoritative for home.example.com and to look elsewhere for all the
rest.

In the scenario as you originally envisioned, you will have a problem,
as split authority within a zone was not a design parameter of dns. It
can probably be worked around with some scripting or simply hand-merging
the zones and hope the externally sucked in parts don't change. With
sub-zones, the problem reduces to what dns is normally used for.

> Thanks in advance for your . Any pointers to docs, which handle my
> special problem are welcome.

Use the hierarchical approach, it's a solved problem, and well
documented. BTW, don't forget to setup a reverse zone for the private
range you're using, if only to avoid leakage of those queries to the
root servers.

--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.

09/03/2006, 08h40

jpd schrieb:
> Siegbert Baude wrote:

First, thanks jpd for your fast answer. :-)

>> So my first question will I run into trouble, when I just want to
>> configure a local bind9 server, to resolve my local names in my 192.168
>> subnet, when at the same time I also want correct resolution for the
>> external servers www.domain.com, mail.domain.com?
>
> Rememer that domains are hierarchical. So with your example.com
> registered and hosted somewhere, you could simply setup a
> home.example.com with all the local names in them. Then on the local
> machines, set the searchpath to home.example.com for lazy typing.

Ah, I didn't think of a subdomain, but this seems to be the easiest
solution. I will try this and come back here, if I encounter any
problems with the setup.

> BTW, don't forget to setup a reverse zone for the private
> range you're using, if only to avoid leakage of those queries to the
> root servers.

I already tried this without using a subdomain (so my local hosts were
called pc1.example.com, pc2.example.com,...), but reverse lookup didn't
work (normal lookup did however). This was the moment, when I started to
think, if my approach is really sensible. But it could have been also
just a misconfiguration on my side, as I'm new to DNS setups.

Ciao
Siegbert

08/03/2006, 16h31	#1
Siegbert Baude Messages: n/a Hébergeur:	Local subnet with public domain? Hi, I'm just getting the basics of DNS, by working through the Linux-DNS-Howto. I have a 192.168 subnet behind a NAT-router and a public domain, whose DNS, mail and web server are hosted at an external company (let's say it is domain.com, which is actually not true, of course). I would like to use this domain name also in my internal network. First to avoid ugly domain.invalid names, second to learn DNS better. So my first question will I run into trouble, when I just want to configure a local bind9 server, to resolve my local names in my 192.168 subnet, when at the same time I also want correct resolution for the external servers www.domain.com, mail.domain.com? Do I need different "views" to achieve my goal? At the moment I don't know what "view" actually means, I just got this term from a FAQ to a related question. My local bind will not be authorative for the complete domain, as I can't influence the externally hosted servers and IP. What do I have to tell my bind, to handle this situation? Thanks in advance for your . Any pointers to docs, which handle my special problem are welcome. Ciao Siegbert

08/03/2006, 17h45	#2
jpd Messages: n/a Hébergeur:	Re: Local subnet with public domain? Begin <440f06f6$1@news.uni-ulm.de> On 2006-03-08, Siegbert Baude <siegbert.baude@gmx.de> wrote: > So my first question will I run into trouble, when I just want to > configure a local bind9 server, to resolve my local names in my 192.168 > subnet, when at the same time I also want correct resolution for the > external servers www.domain.com, mail.domain.com? Rememer that domains are hierarchical. So with your example.com registered and hosted somewhere, you could simply setup a home.example.com with all the local names in them. Then on the local machines, set the searchpath to home.example.com for lazy typing. > Do I need different "views" to achieve my goal? At the moment I don't > know what "view" actually means, I just got this term from a FAQ to a > related question. Views allow you to split up what you're showing different parts of the network. With it, you can do something like this: requests coming in from ``local'' get answers from the full zone, and requests from ``elsewhere'' get answers while only looking at the external zone. > My local bind will not be authorative for the complete domain, as I > can't influence the externally hosted servers and IP. What do I have to > tell my bind, to handle this situation? In the hierarchical case, you could opt to tell the authoritative servers for example.com where to look for home.example.com. Since it is a local-only zone with private addresses and no use for anyone else, you can skip that step. You then simply tell the local dns that it is authoritative for home.example.com and to look elsewhere for all the rest. In the scenario as you originally envisioned, you will have a problem, as split authority within a zone was not a design parameter of dns. It can probably be worked around with some scripting or simply hand-merging the zones and hope the externally sucked in parts don't change. With sub-zones, the problem reduces to what dns is normally used for. > Thanks in advance for your . Any pointers to docs, which handle my > special problem are welcome. Use the hierarchical approach, it's a solved problem, and well documented. BTW, don't forget to setup a reverse zone for the private range you're using, if only to avoid leakage of those queries to the root servers. -- j p d (at) d s b (dot) t u d e l f t (dot) n l . This message was originally posted on Usenet in plain text. Any other representation, additions, or changes do not have my consent and may be a violation of international copyright law.

09/03/2006, 08h40	#3
Siegbert Baude Messages: n/a Hébergeur:	Re: Local subnet with public domain? jpd schrieb: > Siegbert Baude wrote: First, thanks jpd for your fast answer. :-) >> So my first question will I run into trouble, when I just want to >> configure a local bind9 server, to resolve my local names in my 192.168 >> subnet, when at the same time I also want correct resolution for the >> external servers www.domain.com, mail.domain.com? > > Rememer that domains are hierarchical. So with your example.com > registered and hosted somewhere, you could simply setup a > home.example.com with all the local names in them. Then on the local > machines, set the searchpath to home.example.com for lazy typing. Ah, I didn't think of a subdomain, but this seems to be the easiest solution. I will try this and come back here, if I encounter any problems with the setup. > BTW, don't forget to setup a reverse zone for the private > range you're using, if only to avoid leakage of those queries to the > root servers. I already tried this without using a subdomain (so my local hosts were called pc1.example.com, pc2.example.com,...), but reverse lookup didn't work (normal lookup did however). This was the moment, when I started to think, if my approach is really sensible. But it could have been also just a misconfiguration on my side, as I'm new to DNS setups. Ciao Siegbert

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email