administrating BIND with Private IPs

Christopher Denney chris at isis.bbmbc.org
Fri Feb 23 18:58:44 UTC 2001


Well, what I'm doing is similar...
    I'm having my dhcp server hand out private addresses to machines and
register them on the "dhcp.domain.com" domain. This "fake" domain is only
accessible to machines on my network. Only my machines have either a private
or a public, not both.
(those that DO have both are only in the DNS for the public address)
--------------------------------------------------------------------
zone "domain.com" {
        type master;
        file "db.domain.com";
};
zone "dhcp.domain.com" {
        type master;
        file "db.dhcp.domain.com";
        allow-query {
                127.0.0.1;         // local host  :)
                xxx.xxx.xx.0/24;   // publicly addressed network
                172.xx.xx.0/22;    // privately addressed network
        };
        allow-update { 127.0.0.1; };
};
zone "xx.xx.172.in-addr.arpa" {
        type master;
        file "db.172.xx.xx";
        allow-query {
                127.0.0.1;         // local host  :)
                xxx.xxx.xx.0/24;   // publicly addressed network
                172.xx.xx.0/22;    // privately addressed network
        };
        allow-update { 127.0.0.1; };
};

-- 
    -- Cd --                    Christopher Denney
-- 
Absurdity, n. a statement or belief manifestly inconsistent with one's own
opinion. -Ambrose Bierce, The Devil's Dictionary (1906)

> From: Maximo Ramos <maximo at violadores.org>
> Date: Thu, 22 Feb 2001 16:01:39 +0900
> To: bind-users at isc.org
> Subject: administrating BIND with Private IPs
> 
> 
> Hi ... It was hard trying to put a descriptive subject :)
> 
> My situation:
> 
> My domain is:  domain.com
> 
> with two name servers:
> 
> NS1     some remote machine
> NS2     my machine here
> 
> 
> in NS2 I have a small network, with some machines with private IP
> addresses, and NS2 is fetching the dns information from NS1 (it's the
> slave)
> 
> Now, is it right to put such info in my db.domain.com like this???:
> 
> host.domain.com.        IN A    <Real.IP.Address>
> host2.domain.com.       IN A    <Real.IP.Address>
> fake.domain.com.        IN A    192.168.1.5     ; in my LAN
> fake2.domain.com.       IN A    192.168.1.6     ; in my LAN
> 
> I can't figure out how I can prevent somebody who may try to resolve
> fake.domain.com and receive such a private address.
> 
> I'd like people outside to be able to resolve host.domain.com and
> host2.domain.com, and leave the 192.168.1.X info for my LAN
> exclusively (eth1)
> 
> Right now, in NS2 I have a fake domain for my fake machines in my LAN,
> but I don't like this solution.
> 
> Gee! It is really hard to explain what I am trying to do, I am not a
> native speaker of English :(
> 
> Hope somebody here gets the idea ........
> 
> -- 
> ----------------------------------------------------
> Maximo Ramos
>> From The Land of The Morning Calm
> "I am free of prejudices. I hate everyone equally."
> ----------------------------------------------------
> 
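
Added example, not part of either post: a Python check that a zone file meant for public service, like the db.domain.com in the question, carries no RFC 1918 A records before it is loaded or transferred. The sample zone, its 192.0.2.x public addresses and the function names are constructed for illustration; only single-line records with numeric TTLs are handled.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress's is_private flag would also
# match documentation ranges such as 192.0.2.0/24 used in the sample below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone (hypothetical data, modelled on the question).
SAMPLE_ZONE = """\
$ORIGIN domain.com.
$TTL 86400
@       IN SOA  ns1.domain.com. hostmaster.domain.com. ( 2001022301 3600 900 604800 86400 )
        IN NS   ns1.domain.com.
host    IN A    192.0.2.10
host2   3600 IN A 192.0.2.11
fake    IN A    192.168.1.5   ; LAN only
fake2.domain.com. IN A 192.168.1.6
"""

def a_records(zone_text, origin="."):
    """Yield (fqdn, address) for each single-line A record in zone_text."""
    owner = origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop zone-file comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0].startswith("$"):             # $ORIGIN, $TTL, ...
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1]
            continue
        if not line[0].isspace():                 # owner name starts in column 0
            owner = tokens.pop(0)
        # Skip the optional TTL and class fields that precede the record type.
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)
        if len(tokens) >= 2 and tokens[0].upper() == "A":
            fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
            yield fqdn.lower(), tokens[1]

def leaked_private(zone_text):
    """Return the A records whose address falls inside an RFC 1918 range."""
    return [(name, addr) for name, addr in a_records(zone_text)
            if any(ipaddress.ip_address(addr) in net for net in RFC1918)]

if __name__ == "__main__":
    for name, addr in leaked_private(SAMPLE_ZONE):
        print(f"private address in public zone: {name} -> {addr}")
```

A non-empty result means those names belong in an internal-only zone, such as the allow-query restricted dhcp.domain.com zone in the reply, rather than in the zone served to outside resolvers.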




