#of DNS Servers

Michael Kjorling michael at kjorling.com
Wed Aug 1 10:03:28 UTC 2001



This is easy to do. Just set up two different zones (and an ACL might
not be a bad idea either, even though not strictly necessary):

	acl "lan" { ... };
	zone "your.net" {
		...
		allow-query { any; };
	};
	zone "lan.your.net" {
		...
		allow-query { lan; };
	};

You can also delegate 'lan.your.net.' to the internal IP addresses of
the DNS servers, further strengthening this. Like:

	$ORIGIN your.net.	; Just for clarity
	; Glue records for lan subdomain
	ns1.lan A 192.168.0.1
	ns2.lan A 192.168.0.2
	; Delegation records for lan subdomain
	; (NS targets are relative to $ORIGIN, so they must name the glue hosts above)
	lan NS ns1.lan
	lan NS ns2.lan

Of course replace the domain 'your.net' with the domain name you
(intend to) use.

If you are using BIND 9, you can also use views in order to make
lan.your.net even harder to reach from the outside, but it takes more
work on your part. (Instead of REFUSED, people will get NXDOMAIN
answers.)


Michael Kjörling


On Aug 1 2001 00:56 -0000, Tim Stanley wrote:

> You are addressing a bit of a question I have. I have a public DNS server.
> Now, I want to set up a DNS server for our private network. However, I don't
> want to display "private" addresses in  the public. I assume that our domain
> name is used on the public side, and a sub-domain name is used on the
> private side.
>
> Can you tell me a little about how the public and private DNS servers are
> configured, or perhaps tell me a resource that I could look at that would
> give me an "easy to understand" :-) description of how to make this
> happen???
>
> Thanks!
> Tim

-- 
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
Manager Wolf.COM -- Programmer -- Network Administrator
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

***** Please only send me emails which concern me *****
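
The BIND 9 views approach mentioned in the message, sketched as an added example that is not part of the original post. The 192.168.0.0/24 range, the directory and the zone file names are assumptions; `your.net` is the placeholder domain from the message.

```conf
// Constructed named.conf sketch for BIND 9 views (assumed addresses and paths).
acl "lan" { 127.0.0.1; 192.168.0.0/24; };

options {
	directory "/var/named";          // assumed location of the zone files
};

// Views are matched in order and the first match wins,
// so the restricted view must come before the catch-all one.
view "internal" {
	match-clients { lan; };
	recursion yes;

	zone "your.net" {
		type master;
		file "internal/your.net.zone";       // may reference lan.your.net
	};
	zone "lan.your.net" {
		type master;
		file "internal/lan.your.net.zone";   // private addresses live only here
	};
};

view "external" {
	match-clients { any; };
	recursion no;                            // authoritative answers only

	// This copy of the zone contains no "lan" names and no delegation,
	// so outside queries for *.lan.your.net get NXDOMAIN, not REFUSED.
	zone "your.net" {
		type master;
		file "external/your.net.zone";
	};
};
```

Once any view is defined, every zone statement has to sit inside a view. `named-checkconf` will catch a zone left at the top level before the server is reloaded.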
