DNS on Linux Problem

David Botham DBotham at OptimusSolutions.com
Wed Feb 4 22:21:23 UTC 2004


bind-users-bounce at isc.org wrote on 02/03/2004 11:53:54 AM:
> My public dns is done by my ISP.  I set up an internal dns server on a
> Redhat Linux ver 9 box.  I made the internal domain the same name as the
> public domain name.  I can resolve all internal names that are in the
> internal dns database.  Via "." hints file, I can resolve all public names
> except my own public names.  I presume this is because my internal dns
> server is "authoritative" for my domain and as a result, if the name is

The reason your name server does not see data in your domain that is 
hosted on your ISP's name servers is due to the fact that your name server 
has the zone loaded locally.  If your name server has the zone loaded 
locally, it assumes that it is the only name server that has the zone 
loaded and will therefore not look on any other name servers for data in 
that zone.  Name servers are very narrow minded in this regard, and 
rightfully so.


What you need to do is configure your name server with a superset of the 
data for your zone.  For example, you would want the following data in your 
internal name server's zone data file for your domain:

1.  An SOA RR for the zone.
2.  RRs of type A for all hosts on your internal network, specifying the 
internal IP addresses for those hosts.
3.  RRs of type NS for your internal name servers (while we have 
discussed only one here, you do have two internal nameservers, don't 
you...)
4.  If you have a mail server inside your network, in addition to the A RR 
from step 2 above, put an MX RR for it in the internal zone as well.
5.  RRs of type A for hosts that are in your domain, but are hosted 
outside your network, such as a colocated web server.  Here, you specify 
the actual IP address of the web server as it exists on the Internet.


Notice that your internal nameserver has "the most correct/complete" data 
about your zone.  That way, when your internal clients query this name 
server for data in your domain/zone, they get the right answer, regardless 
of whether that answer references an IP address on the local private 
network for, say, the file server, or whether it refers them to an IP on the 
Internet where your web server is located.  This internal nameserver (or 
these, if you have two), combined with your ISP's nameservers (which host 
an external version of your domain), is a classic implementation of a 
split DNS.


Hope this helps,


Dave...


> not in one of its zones, it does not go to the root servers.
> 
> I thought if I put a forwarder statement in the named.custom file, this is
> the Linux way of doing it, I could resolve my public names using my ISP's
> dns.  This just made it so the internal dns server would not work at all.
> Have I done this incorrectly?  Any ideas will be welcome.
> 
> Regards,
> 
> Tom
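An added example, not part of the post above and not BIND's own code: a
short Python script that checks the "superset" rule Dave describes.  It
parses two constructed zone files (example.com, isp.example and the
192.168.1.x / 203.0.113.x addresses are placeholders), lists every public
name the internal copy lacks, which is exactly the case where internal
clients get no answer, and prints a merged internal zone in which the
internal addresses win.  With the sample data it reports the missing ftp
host and emits the corrected zone.

```python
"""Split-DNS superset check: every name the ISP publishes for the zone must
also exist in the internal copy, because an authoritative server never falls
through to another server for a zone it has loaded.  Parses both zone files,
lists what the internal zone lacks, and prints a merged internal zone in which
internal addresses win.  All data is constructed: example.com, isp.example and
the addresses are placeholders, not from the original post.
"""
from collections import defaultdict

# Constructed: what the ISP's name servers publish for the zone.
EXTERNAL_ZONE = """\
@     IN SOA ns1.isp.example. hostmaster.example.com. ( 2004020401 3600 900 604800 86400 )
@     IN NS  ns1.isp.example.
@     IN NS  ns2.isp.example.
@     IN MX  10 mail.example.com.
www   IN A   203.0.113.10
mail  IN A   203.0.113.25
ftp   IN A   203.0.113.10
"""

# Constructed: the internal zone as first written (the public ftp host is missing).
INTERNAL_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@         IN SOA ns1.example.com. hostmaster.example.com. (
              2004020402 ; serial
              3600 900 604800 86400 )
@         IN NS  ns1.example.com.
@         IN NS  ns2.example.com.
@         IN MX  10 mail.example.com.
ns1       IN A   192.168.1.2
ns2       IN A   192.168.1.3
fileserv  IN A   192.168.1.10
mail      IN A   192.168.1.25   ; internal address, wins over the public one
www       IN A   203.0.113.10   ; colocated host keeps its public address
"""


def qualify(name, origin):
    """Turn a zone-file owner name into a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Minimal master-file parser returning {fqdn: {rtype: [rdata, ...]}}.
    Handles $ORIGIN, $TTL, ';' comments, parenthesised multi-line rdata,
    optional TTL/class fields and a blank owner that repeats the previous one."""
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            logical.append(" ".join(buf))
            buf, depth = [], 0
    records = defaultdict(lambda: defaultdict(list))
    last_owner = "@"
    for line in logical:
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            continue
        fields = line.split()
        owner = last_owner if line[0].isspace() else fields.pop(0)
        while fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS"):
            fields.pop(0)                      # skip optional TTL and class
        rtype = fields.pop(0).upper()
        records[qualify(owner, origin)][rtype].append(" ".join(fields))
        last_owner = owner
    return {owner: dict(types) for owner, types in records.items()}


def names_missing_internally(external, internal):
    """Public (owner, type) pairs the internal zone has no record for.
    SOA and NS are skipped: the two copies legitimately list different servers."""
    return sorted((owner, rtype) for owner, types in external.items()
                  for rtype in types
                  if rtype not in ("SOA", "NS") and rtype not in internal.get(owner, {}))


def merge_superset(external, internal):
    """Copy of the internal zone with the missing public records added.
    Existing internal records (e.g. the private address of mail) are kept."""
    merged = {o: {t: list(r) for t, r in ts.items()} for o, ts in internal.items()}
    for owner, rtype in names_missing_internally(external, internal):
        merged.setdefault(owner, {})[rtype] = list(external[owner][rtype])
    return merged


def render_zone(records, origin):
    """Serialise records as a master file, apex first, relative owner names."""
    order = {"SOA": 0, "NS": 1, "MX": 2}
    lines = [f"$ORIGIN {origin}", "$TTL 3600"]
    for owner in sorted(records, key=lambda o: (o != origin, o)):
        rel = "@" if owner == origin else owner[: -len(origin) - 1]
        for rtype in sorted(records[owner], key=lambda t: (order.get(t, 9), t)):
            for rdata in records[owner][rtype]:
                lines.append(f"{rel:<10} IN {rtype:<4} {rdata}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ext = parse_zone(EXTERNAL_ZONE, "example.com.")
    intr = parse_zone(INTERNAL_ZONE, "example.com.")
    for owner, rtype in names_missing_internally(ext, intr):
        print(f"internal clients would get no {rtype} answer for {owner}")
    print(render_zone(merge_superset(ext, intr), "example.com."))
```

Point the two strings at the real files (the ISP's copy, if they will give
you one, and your own internal zone) and rerun it whenever the public zone
changes: a name that exists in the ISP's copy but not in the internal one
will otherwise silently stop resolving for internal users, which is the
symptom described above.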