Re: BIND configuration - superior wisdom required.

In article , James Herbert wrote:
> Hi.
>
> First off, if this is a FAQ, I'm most apologetic. The docs I looked at
> didn't really answer me, and I don't grok BIND yet.
> Ok. My current situation is this:
> I have a small internal network 10.0.0.0/24, and a smaller external
> network 217.155.x.168/29. I have just installed my sixth system on the
> network and have thus moved over to the internal NAT'ed network so as
> not to run out of address space. My servers have bidirectional mapping
> through the NAT box (OpenBSD/pf) such that 217.155.x.169 <-> 10.0.0.100
> and so on. Now this works great, except for the obvious problem that
> internal clients are still getting the external IP addresses of my
> servers from my ISP's DNS servers.
> What I'd like BIND to do for me is this:
> Be a DNS server for my internal network. It needs to answer only to my
> internal network, and reply to queries for servers on the internal
> network with their internal IP addresses, and forward everything else to
> my ISP's DNS servers.
> I've looked at views, split-horizon, forwarding, caching, but I'm a bit
> lost. If someone could point me in the right direction by firstly
> telling me if I've got the right idea, and secondly telling me what I
> should be configuring BIND to do, that would be wonderful. I'm using
> BIND 9.2.3.
You don't need views for this, because you shouldn't be getting any
queries from anywhere other than your local network. Simply configure
your server as a master for your forward zone and the reverse zone for
10.in-addr.arpa. Your server will answer with this information for your
servers, and recurse out to the Internet for everything else (there's no
need to forward to your ISP's DNS, that just adds an extra hop and point
Barry Margolin, firstname.lastname@example.org
*** PLEASE post questions in newsgroups, not directly to me ***
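
A sketch of the setup described in the reply above, added here as an example and not taken from either poster: a BIND 9 `named.conf` that is master for the forward zone and for `10.in-addr.arpa`, answers and recurses only for the internal network, and uses no forwarders. Assumptions: `example.com` stands in for the poster's domain (not given in the thread), `10.0.0.53` is a constructed address for the DNS server, and the host names, file names and directory are placeholders.

```conf
// named.conf: internal-only master + recursive resolver (added example)
// Assumed/constructed: example.com, 10.0.0.53, host names, file paths.

acl internal { 127.0.0.1; 10.0.0.0/24; };

options {
    directory "/var/named";                 // placeholder path
    listen-on { 127.0.0.1; 10.0.0.53; };    // internal interface only
    allow-query     { internal; };          // refuse queries from anywhere else
    allow-recursion { internal; };          // never act as an open resolver
    recursion yes;
    // No "forwarders" statement: the server recurses from the root hints
    // itself instead of relaying through the ISP's resolvers.
};

zone "." { type hint; file "root.hint"; };

zone "example.com" {
    type master;
    file "internal/example.com.zone";
    allow-transfer { none; };               // no secondaries in this sketch
};

zone "10.in-addr.arpa" {
    type master;
    file "internal/10.rev";
    allow-transfer { none; };
};

/* internal/example.com.zone (zone-file syntax, shown here for reference)
$TTL 3600
@    IN SOA ns.example.com. hostmaster.example.com. (
            2004010101 3600 900 604800 3600 )
     IN NS  ns.example.com.
ns   IN A   10.0.0.53
www  IN A   10.0.0.100   ; the host NAT'ed to 217.155.x.169 outside

   internal/10.rev (names are relative to 10.in-addr.arpa)
$TTL 3600
@        IN SOA ns.example.com. hostmaster.example.com. (
                2004010101 3600 900 604800 3600 )
         IN NS  ns.example.com.
100.0.0  IN PTR www.example.com.
53.0.0   IN PTR ns.example.com.
*/
```

Because this server is authoritative for the whole forward zone, internal clients see only the names listed in the internal zone file, so any name that exists only in the public zone has to be added here as well. `named-checkconf` and `named-checkzone` will validate the configuration and zone files before `named` is reloaded.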