How to implement DNS server in a firewall.

Barry Margolin barmar at alum.mit.edu
Sun May 22 05:47:08 UTC 2005


In article <d6otb6$1lg4$1 at sf1.isc.org>,
 Penghui Wang <wangpenghui at realss.com> wrote:

> Hello lists:
> 
> I have a domain name "example.com"; it is registered with an ISP.
> And I can manage this domain and its subdomains on the website which
> the ISP provides.
> 
> And I am in a LAN, the intranet of our company.
> There is a DHCP server and a DNS server on the host which is the
> gateway of the intranet.
> 
> The domain name of the gateway is example.com.

Why don't you tell us the real domain?  We can't tell if you're 
configuring things correctly when you give fake information like this.

> If I want to resolve example.com in the intranet, it's impossible.
> 
> So I want the DNS server on the gateway to manage some part of the
> domain name "example.com".
> 
> I have added the following text to named.conf:
> 
> zone "example.com" IN {
>   type slave;
>   file "pri/example.com.zone";

If you have a subdirectory named "pri", it's usually used for master 
zones, not slaves.  "pri" is short for "primary", which is what master 
zones used to be called; slave zones would usually be in a subdirectory 
named "sec", because they used to be called secondary zones.

>   masters { 210.34.0.14; }; // A public DNS server
> };

Is 210.34.0.14 really the master server for your zone?  Does it allow 
your gateway to perform zone transfers?

> 
> After that, I found that I could not resolve any domain names in
> "example.com" except the entries on the DNS server on the gateway.

It should be able to resolve all the names in the zone that it 
transferred from 210.34.0.14.  Are you getting any error messages when 
it tries to do a zone transfer?

> 
> I think I must have made some misconfiguration.

If your gateway is authoritative for a zone, then it will not forward 
names within that zone to any other servers.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
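As an added illustration (not from the thread or the poster's file), the slave-side zone statement as BIND 9 expects it, beside the statement the master's operator would need so that the gateway is permitted to transfer the zone. The gateway address 192.0.2.1 is an assumed documentation placeholder; 210.34.0.14 is the master address given in the post.

```conf
// --- On the gateway (slave side), in named.conf ---
// Added example, not the original poster's configuration. 192.0.2.1 is a
// placeholder for the gateway's own address; 210.34.0.14 is the master above.
zone "example.com" IN {
    type slave;
    // Slave zones conventionally live under "sec/" (secondary), not "pri/".
    file "sec/example.com.zone";
    // The option is "masters" (plural); a bare "master" is not a valid option
    // and named-checkconf rejects it.
    masters { 210.34.0.14; };
    // Keep the local copy private: the gateway should not hand the zone out.
    allow-transfer { none; };
};

// --- On the master (210.34.0.14), configured by whoever operates it ---
// Without this the transfer is refused, the slave zone never loads, and the
// gateway, still authoritative for the zone, answers SERVFAIL for its names
// instead of forwarding them elsewhere.
zone "example.com" IN {
    type master;
    file "pri/example.com.zone";
    allow-transfer { 192.0.2.1; };
    also-notify { 192.0.2.1; };
};
```

On the gateway, `named-checkconf` catches the keyword error, and `dig @210.34.0.14 example.com AXFR` shows directly whether the master permits the transfer; if it does not, named's log records the failed transfer from 210.34.0.14.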