private dns config for internal lan behind an ip_masq box?

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 30 23:40:59 UTC 2000


Just set up a nameserver with an Internet root hints file, whatever internal
zones you want, and either a) configure it to only listen to its internal
interface (using "listen-on" -- this would presumably be set up like the
Trinity OS doc, except without the external nameserver instance) or b) use
"allow-query" to forbid external queries. Option (b) may be preferable if you
think you may at some point want to serve your domain off the same machine,
since the "modern" way to do split DNS is with BIND 9 "views" instead of
running multiple instances using "listen-on".


- Kevin

Howard Taylor wrote:

> Hi All,
>
> I am using Red Hat 7.0 as a NAT box with ip_masquerading.  I have a few
> machines behind this router box and would like to configure named so I can
> have a private domain and name these machines on the internal lan.
>
> I don't have the need or desire for registering my own domain name.  I also
> don't have any need to supply dns services to anyone outside of the internal
> network.  The best reference I have found for something like this is the
> Trinity OS documentation, which suggests running 2 named's, but this seems
> geared towards serving up a registered domain name to both the internal and
> external interfaces.  It doesn't make sense to run a second version of named
> for me.  I don't have anyone on the internet that needs (or can) have
> access to my internal lan.
>
> If I set up something like this, I would like named to listen only for
> queries and not communicate with other nameds...  not real sure how to set
> this up, but it seems reasonable.
>
> Also, if this setup is possible, would the same instance of named also allow
> me to resolve internet names?
>
> Here it is in a nutshell:
>     I want an instance of named that acts as a regular caching nameserver,
> but also resolves my internal names, but only to me.
>
> Has anyone done this before?
>
> Thanks much,
> Howard
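
A named.conf showing both options from the reply above, for one instance that caches Internet names and serves a private zone. This is an added example, not configuration from either message; the 192.168.1.0/24 range, the 192.168.1.1 internal address, the home.example zone name and all file names are assumptions.

```conf
// Constructed example: addresses, zone names and file names are assumptions.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };   // internal clients plus loopback

options {
    directory "/var/named";

    // Option (a): bind only to loopback and the internal interface address,
    // so nothing listens on the external (masqueraded) interface.
    listen-on { 127.0.0.1; 192.168.1.1; };

    // Option (b): answer queries only from internal clients.
    allow-query { "lan"; };

    // No secondaries exist in this setup, so refuse all zone transfers.
    allow-transfer { none; };
};

// Internet root hints, so the same instance resolves public names.
zone "." {
    type hint;
    file "named.ca";
};

// Private forward zone for the internal machines.
zone "home.example" {
    type master;
    file "db.home.example";
};

// Matching reverse zone for 192.168.1.0/24.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.1";
};
```

Either option alone keeps external hosts from getting answers; with both set, allow-query still applies if listen-on is later widened to serve a public zone from the same machine.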





