Newbie - config questions

Bryan Tonnet batonnet at phase4.com.au
Tue Feb 29 02:44:56 UTC 2000


Sorry if this has gone before.  I'm still at the confused stage with
bind :)

We have the following setup

An internal network of 192.168.x.y

A dual homed masquerading firewall with an outward facing 'real' ip
address

Two other machines in a perimeter net with 'real' ip addresses.

One of the internal machines runs bind 4.9.2 and is a primary for
192.168.x, and has a forwarder of the firewall machine.

The firewall machine runs bind 4.9.7, and is a secondary for 192.168.x,
and has forwarders to two of our ISP's NS machines.

Our ISP is the primary for our 'real' IP addresses.

There is only one domain for the company both internal and external.

My issues:

* Is the above a reasonable setup or have I got it completely wrong? 
For example, there's nothing to stop us being the primary for our 'real'
addresses if that's more sensible than leaving it to our ISP.

* The generic domain resolves fine from outside the company, but inside
the domain does not resolve.  I'm clueless as to whether this should be
another A record or a CNAME or what.  Neither of these seems to work.

* 'Real' IP addresses for the domain in the internal NS named files
don't seem to work.  The firewall machine therefore has to have these in
its hosts file (messy).  This at least solves some problems, but why
can't the internal primary handle a few extra IP addresses outside of
192.168.x.y as part of the domain?

* I think the firewall machine gets occasionally confused as to where to
forward requests for our domain.  It should go looking at its own
(secondary) tables first, but seems to occasionally reach outside to the
ISP's primary tables which, of course, have none of the internal
machines listed.

* Finally, and out of left field, our Win95 clients don't seem to follow
down the list of DNS servers properly.  When the primary is down, these
clients fail with no DNS resolution even though the secondary is up and
resolving.  Is this another MS thing, or more likely related to our
current configuration?

Thanks in advance

Bryan Tonnet
bryan at printman.com.au


