Small Business Lan Internal DNS Setup

Kevin Darcy kcd at daimlerchrysler.com
Tue Oct 7 20:59:05 UTC 2003


Spivack wrote:

>Hello All,
>
>Here's the regular new to this, limited DNS setup experience and need
>to set up internal DNS for our small business lan.
>
>Currently, we have a business DSL connection with Verizon.  We don't
>host our own DNS and I have an internal Sun application requirement to
>set up internal DNS for a Sun One Identity server.  Our domainname for
>our website and incoming email is hosted by Earthlink.  Our ISP and
>outgoing email is hosted by Verizon.
>
>Being new to this, I was hoping someone could give me some pointers in
>taking one of our Sun Fire V480's and turning it into a DNS server
>that we can use internally with our windows clients as well as this
>Sun application, also I'd like to in the future provide the DNS
>hosting for our domainname and email.
>
>Could anyone give me some specific pointers and procedures in how I
>would accomplish this.  I've gotten some named templates from Sun but
>they aren't very helpful in describing how I would get verizon's DNS
>servers to play with my internal one.
>
>I've read that all we need to do for the first requirement is to set up
>a forwarding DNS server.  Does this require me to contact Verizon or
>can I do this on my own?
>
>As far as hosting our own domainname, will just setting up a
>forwarding server do that job or is it going to require a different
>type of DNS setup?
>
>Oh, one further note, with verizon we only have one external IP
>address available.  I hope this doesn't hurt us any.
>
If all of your clients are currently pointed to the Verizon servers for 
resolving DNS, this should be as simple as pointing them all to your Sun 
box and configuring the Sun box as a) master for the zone which contains 
your Sun One Identity application-specific names, and b) forwarder for 
everything else. If you must use your regular domain for the Sun One 
Identity app (as opposed to a special subdomain or a completely 
different domain altogether), then be aware that any entries for that 
domain will "mask" the equivalent entries on the Verizon servers, so 
you'll basically have to maintain all of the externally-visible entries 
in both places if you want your internal clients to see them.

You might also want to consider setting up your Sun box as a regular 
caching server instead of a forwarding server, assuming that network 
connectivity and firewall rules allow. There are significant downsides 
to forwarding that you may wish to avoid. Note also that if you don't 
use your regular domain for the Sun One Identity stuff, you could 
perhaps set yourself up as a "stealth" (i.e. unpublished) slave for that 
zone from Verizon, so that you'll always have those names local even if 
your connection to Verizon goes down.

As for hosting your own DNS, I would treat that as a separate project. 
You might want to host your external DNS on a completely different 
server, on a separate interface on the same server, or perhaps in a 
different "view" running in the same nameserver instance. There doesn't 
seem to me to be a lot of synergy in trying to set up your own internal 
DNS and hosting your own external DNS at the same time, and of course 
there's always a risk when you try to change too many things at once...

                                                                         
                                       - Kevin
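
A named.conf for the layout the reply above describes (master for the application zone, forwarder for everything else), as an added example that is not part of the original post. The zone name ident.example.com, the 192.168.1.0/24 LAN, the file names and the forwarder addresses are assumed placeholders.

```conf
// Constructed example: every name and address below is a placeholder.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };      // assumed internal subnet

options {
    directory "/var/named";

    // Answer only on the inside. With a single external IP behind the DSL
    // router, this server should not be reachable from the Internet.
    listen-on { 127.0.0.1; 192.168.1.10; };    // assumed LAN address of the Sun box
    allow-query     { "lan"; };
    allow-recursion { "lan"; };
    allow-transfer  { none; };

    // (b) Forward everything this server is not authoritative for.
    forwarders { 192.0.2.53; 192.0.2.54; };    // placeholders for the ISP resolvers
    forward first;   // fall back to normal iterative resolution if they fail

    // To run as a regular caching server instead of a forwarder, delete the
    // two forwarder lines above; the root hints below are then used directly
    // (outbound DNS to the Internet must be allowed by the firewall).
};

zone "." {
    type hint;
    file "named.root";
};

// (a) Master for the zone holding the application-specific names.
// A dedicated subdomain is used here so that nothing in the public
// example.com zone is masked. If "example.com" itself were declared
// here, every externally visible record (www, MX, ...) would have to
// be duplicated in this zone file for internal clients to see it.
zone "ident.example.com" {
    type master;
    file "db.ident.example.com";
};

// Reverse zone for the assumed LAN, so internal addresses resolve to names.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.1";
};
```

Run `named-checkconf` on the file before pointing the Windows clients at the server.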



