how to configure bind in LAN

isobetti at isokiti.tv isobetti at isokiti.tv
Mon Sep 1 14:58:04 UTC 2008


> In article <g9dski$q7m$1 at sf1.isc.org>,
>  Tomokazu Isobe <isobetti at isokiti.tv> wrote:
> 
> > Hi,
> > 
> > Now I'm setting up a name server in a local area network.
> > 
> > I want to make this LAN name server resolve all the hostnames in the LAN,
> > and forward to another name server in the DMZ the queries for zones which
> > the LAN name server doesn't have as master.
> > 
> > BTW, I have 1 domain [isokiti.tv].
> > I want to use this domain in both LAN and WAN.
> > 
> > ====isokiti.tv zone on DMZ name server(for WAN)=====
> > ..skip...
> > $ORIGIN isokiti.tv
> > dns	IN	A	[global ip address]
> > www	IN	A	[global ip address]
> > mx	IN	A	[global ip address]
> > ..skip...
> > ====================================================
> > 
> > ====isokiti.tv zone on LAN name server(for LAN)=====
> > ..skip...
> > $ORIGIN isokiti.tv
> > win	IN	A	192.168.0.10
> > mac	IN	A	192.168.0.11
> > sun	IN	A	192.168.0.12
> > localdns	IN	A	192.168.0.53
> > ..skip...
> > ====================================================
> > 
> > Each DNS has isokiti.tv zone, but the contents in each zone are different.
> > 
> > I tried several methods (view, forwarder, etc.), but cannot do what I
> > want to do.
> > 
> > 
> > When I dig sun.isokiti.tv from the winPC in the LAN to the LAN dns, I get a
> > correct response from the LAN dns.
> > 
> > But when I dig mx.isokiti.tv from the winPC in the LAN to the LAN dns, I cannot
> > get a correct response from the LAN dns.
> > (The LAN dns doesn't forward this query to the DMZ dns but responds NXDOMAIN)
> 
> Forwarding is only done for zones the server isn't authoritative for.  
> Since the LAN server is authoritative for isokiti.tv, it never forwards 
> anything in this zone.  You even said this up above, when you described 
> what you wanted to do.
> 
> You'll need to copy all the records from the DMZ server to the LAN 
> server.
> 
> 
Thank you for the reply; I understand.

I set up the LAN server as follows.
 - make an isokiti.tv.local.zone file containing only the A records in the LAN.
 - register a cron job that runs a script which fetches the isokiti.tv zone from the DMZ server,
   appends '$INCLUDE "local/isokiti.tv.local.zone"' to the zone file from the DMZ,
   updates the serial number properly,
   and runs "rndc reload isokiti.tv".
 - register the isokiti.tv zone, with the zone file from the DMZ, as master in named.conf.

It is very winding but works well so far.

If there is a smarter method, please teach me.

BTW, I'm starting to feel that it isn't a burden to anybody and poses no problem
even if the A records with private IP addresses in the LAN are disclosed...
I might have wasted my time.


Thank you very much.

-- 
isobetti
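An added example, not part of the original thread, of the merge step in the cron script isobetti describes, written in Python: it takes the DMZ zone text (a constructed sample here; in practice the output of an AXFR that the DMZ server's allow-transfer permits for the LAN server), advances the SOA serial past both the serial the DMZ sent and the one the LAN server currently serves, refuses owner names that appear in both files, and appends the $INCLUDE line. The file path, the sample records and the current-serial value are assumptions.

```python
import re

# Constructed sample of the isokiti.tv zone pulled from the DMZ server
# (e.g. with `dig @dmz-dns isokiti.tv AXFR`); documentation addresses, not real ones.
DMZ_ZONE = """\
$ORIGIN isokiti.tv.
$TTL 3600
@   IN  SOA dns.isokiti.tv. hostmaster.isokiti.tv. (
        2008090101 ; serial
        3600 900 604800 300 )
    IN  NS  dns.isokiti.tv.
dns IN  A   203.0.113.10
www IN  A   203.0.113.11
mx  IN  A   203.0.113.12
"""
# Constructed LAN-only records, the counterpart of isokiti.tv.local.zone.
LOCAL_ZONE = """\
win      IN  A  192.168.0.10
mac      IN  A  192.168.0.11
sun      IN  A  192.168.0.12
localdns IN  A  192.168.0.53
"""
SERIAL_RE = re.compile(r"^([ \t]*)(\d+)([ \t]*;[ \t]*serial\b)", re.MULTILINE)
OWNER_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s+(?:\d+\s+)?IN\s+(?:A|AAAA|CNAME)\s", re.MULTILINE)

def bump_serial(zone_text, current_lan_serial):
    """Return (new_text, new_serial). The new serial must exceed both the serial
    the DMZ sent and the one the LAN server currently serves; otherwise BIND warns
    that the serial did not advance and any secondaries keep the old copy."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("SOA serial line must carry a '; serial' comment")
    new_serial = max(int(m.group(2)), current_lan_serial) + 1
    return SERIAL_RE.sub(rf"\g<1>{new_serial}\g<3>", zone_text, count=1), new_serial

def owner_names(zone_text):
    """Owner names of A/AAAA/CNAME records, used to detect overlap."""
    return {m.group(1) for m in OWNER_RE.finditer(zone_text)}

def build_lan_zone(dmz_text, local_text, current_lan_serial,
                   include_path="local/isokiti.tv.local.zone"):
    """DMZ data + advanced serial + $INCLUDE of the LAN records. Refuses a name
    present in both files: the merged zone would answer with the global and the
    private address together, which is rarely what you want."""
    clash = owner_names(dmz_text) & owner_names(local_text)
    if clash:
        raise ValueError(f"names defined in both zones: {sorted(clash)}")
    text, serial = bump_serial(dmz_text, current_lan_serial)
    return text + ("" if text.endswith("\n") else "\n") + f'$INCLUDE "{include_path}"\n', serial
```

Write the returned text to the master file named in named.conf, then run named-checkzone on it before rndc reload so a bad fetch cannot take the zone down.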

