How to implement DNS server in a firewall.

Vinny Abello vinny at tellurian.com
Sun May 22 05:58:32 UTC 2005


At 01:47 AM 5/22/2005, Barry Margolin wrote:
>In article <d6otb6$1lg4$1 at sf1.isc.org>,
>  Penghui Wang <wangpenghui at realss.com> wrote:
>
> > Hello lists:
> >
> > I have a domain name "example.com"; it is registered with an ISP.
> > And I can manage this domain and its subdomains on the website which
> > the ISP provided.
> >
> > And I am in a LAN, the intranet of our company.
> > There is a DHCP server and a DNS server on the host which is the
> > gateway of the intranet.
> >
> > The domain name of the gateway is example.com.
>
>Why don't you tell us the real domain?  We can't tell if you're
>configuring things correctly when you give fake information like this.
>
> > If I want to resolve example.com in the intranet, it's impossible.
> >
> > So I want the DNS server on the gateway to manage some part of the
> > domain name "example.com".
> >
> > I have added the following text in named.conf
> >
> > zone "example.com" IN {
> >   type slave;
> >   file "pri/example.com.zone";
>
>If you have a subdirectory named "pri", it's usually used for master
>zones, not slaves.  "pri" is short for "primary", which is what master
>zones used to be called; slave zones would usually be in a subdirectory
>named "sec", because they used to be called secondary zones.
>
> >   master {210.34.0.14;}; // A public DNS server
> >  };
>
>Is 210.34.0.14 really the master server for your zone?  Does it allow
>your gateway to perform zone transfers?

That and the correct keyword is "masters", plural.

> >
> > After that, I found that I could not resolve any domain names in
> > "example.com" except the entries of the DNS server on the gateway.
>
>It should be able to resolve all the names in the zone that it
>transferred from 210.34.0.14.  Are you getting any error messages when
>it tries to do a zone transfer?
>
> >
> > I think I must have some misconfiguration.
>
>If your gateway is authoritative for a zone, then it will not forward
>names within that zone to any other servers.
>
>--
>Barry Margolin, barmar at alum.mit.edu
>Arlington, MA
>*** PLEASE post questions in newsgroups, not directly to me ***


Vinny Abello
Network Engineer
Server Management
vinny at tellurian.com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

"Courage is resistance to fear, mastery of fear - not absence of 
fear" -- Mark Twain
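
An added example (not part of the original post, and not BIND's own code): a small Python check that scans named.conf text for the slave-zone mistakes raised in this thread, the singular "master" keyword and a slave zone file kept under pri/. The sample input is constructed from the stanza quoted above; example.org, 192.0.2.53 and the function names are assumptions, and "secondary"/"primaries" are the synonyms newer BIND releases accept.

```python
import re

# Constructed sample: the stanza quoted in the thread, then a corrected one
# (example.org and 192.0.2.53 are placeholders, not from the thread).
SAMPLE = '''
zone "example.com" IN {
  type slave;
  file "pri/example.com.zone";
  master {210.34.0.14;}; // A public DNS server
};
zone "example.org" IN {
  type slave;
  file "sec/example.org.zone";
  masters { 192.0.2.53; };
};
'''

ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{')

def zone_blocks(conf):
    """Yield (zone name, stanza body), following nested braces."""
    conf = re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', conf, flags=re.S)  # drop comments
    for m in ZONE_RE.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def lint_slave_zones(conf):
    """Return (zone, issue) pairs for the mistakes pointed out in the thread."""
    findings = []
    for name, body in zone_blocks(conf):
        if not re.search(r'\btype\s+(slave|secondary)\s*;', body):
            continue  # only slave zones need a masters list
        if re.search(r'\bmaster\b[^;{]*\{', body):
            findings.append((name, "keyword is 'masters' (plural), not 'master'"))
        elif not re.search(r'\b(masters|primaries)\b[^;{]*\{', body):
            findings.append((name, "slave zone has no masters list"))
        if re.search(r'\bfile\s+"pri/', body):
            findings.append((name, "zone file under pri/; sec/ is usual for slaves"))
    return findings

if __name__ == "__main__":
    for zone, issue in lint_slave_zones(SAMPLE):
        print(f"{zone}: {issue}")
```

The check only reads configuration text; whether 210.34.0.14 actually permits the zone transfer still has to be confirmed from the gateway's named log.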



