how to configure bind in LAN - DNS



Thread: how to configure bind in LAN

  1. how to configure bind in LAN

    Hi,

    Now I'm setting up a name server in a local area network.

    I want to make this LAN name server resolve all the hostnames in LAN,
    and forward to another name server in DMZ the queries for zones which
    the LAN name server doesn't have as master.

    BTW, I have 1 domain [isokiti.tv].
    I want to use this domain in both LAN and WAN.

    ====isokiti.tv zone on DMZ name server(for WAN)=====
    ...skip...
    $ORIGIN isokiti.tv
    dns IN A [global ip address]
    www IN A [global ip address]
    mx IN A [global ip address]
    ...skip...
    ====================================================

    ====isokiti.tv zone on LAN name server(for LAN)=====
    ...skip...
    $ORIGIN isokiti.tv
    win IN A 192.168.0.10
    mac IN A 192.168.0.11
    sun IN A 192.168.0.12
    localdns IN A 192.168.0.53
    ...skip...
    ====================================================

    Each DNS has isokiti.tv zone, but the contents in each zone are different.

    I tried several methods(view, forwarder, etc.), but cannot do what I
    want to do.


    When I dig sun.isokiti.tv from winPC in LAN to LAN dns, then I can get a
    correct response from LAN dns.

    But when I dig mx.isokiti.tv from winPC in LAN to LAN dns, then I cannot
    get a correct response from LAN dns.
    (LAN dns doesn't forward this query to DMZ dns but responds with NXDOMAIN)

    I don't know how to forward the query to DMZ dns
    if LAN dns doesn't know the name when I query xxx.isokiti.tv to LAN dns.


    Is there any way to do the above?


    Actually, it comes true if I write all my A records in zone file, but I
    don't want to do so because private IPs are disclosed.



    My BIND version is 9.4.2-P1.
    And I'm ready to upgrade much further.


    Thank you in advance for any advice.


    --
    isobetti


  2. Re: how to configure bind in LAN

    In article ,
    Tomokazu Isobe wrote:

    > Hi,
    >
    > Now I'm setting up a name server in a local area network.
    >
    > I want to make this LAN name server resolve all the hostnames in LAN,
    > and forward to another name server in DMZ the queries for zones which
    > the LAN name server doesn't have as master.
    >
    > BTW, I have 1 domain [isokiti.tv].
    > I want to use this domain in both LAN and WAN.
    >
    > ====isokiti.tv zone on DMZ name server(for WAN)=====
    > ...skip...
    > $ORIGIN isokiti.tv
    > dns IN A [global ip address]
    > www IN A [global ip address]
    > mx IN A [global ip address]
    > ...skip...
    > ====================================================
    >
    > ====isokiti.tv zone on LAN name server(for LAN)=====
    > ...skip...
    > $ORIGIN isokiti.tv
    > win IN A 192.168.0.10
    > mac IN A 192.168.0.11
    > sun IN A 192.168.0.12
    > localdns IN A 192.168.0.53
    > ...skip...
    > ====================================================
    >
    > Each DNS has isokiti.tv zone, but the contents in each zone are different.
    >
    > I tried several methods(view, forwarder, etc.), but cannot do what I
    > want to do.
    >
    >
    > When I dig sun.isokiti.tv from winPC in LAN to LAN dns, then I can get a
    > correct response from LAN dns.
    >
    > But when I dig mx.isokiti.tv from winPC in LAN to LAN dns, then I cannot
    > get a correct response from LAN dns.
    > (LAN dns doesn't forward this query to DMZ dns but responds with NXDOMAIN)


    Forwarding is only done for zones the server isn't authoritative for.
    Since the LAN server is authoritative for isokiti.tv, it never forwards
    anything in this zone. You even said this up above, when you described
    what you wanted to do.

    You'll need to copy all the records from the DMZ server to the LAN
    server.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE don't copy me on replies, I'll read them in the group ***


  3. Re: how to configure bind in LAN

    > In article ,
    > Tomokazu Isobe wrote:
    >
    > > Hi,
    > >
    > > Now I'm setting up a name server in a local area network.
    > >
    > > I want to make this LAN name server resolve all the hostnames in LAN,
    > > and forward to another name server in DMZ the queries for zones which
    > > the LAN name server doesn't have as master.
    > >
    > > BTW, I have 1 domain [isokiti.tv].
    > > I want to use this domain in both LAN and WAN.
    > >
    > > ====isokiti.tv zone on DMZ name server(for WAN)=====
    > > ...skip...
    > > $ORIGIN isokiti.tv
    > > dns IN A [global ip address]
    > > www IN A [global ip address]
    > > mx IN A [global ip address]
    > > ...skip...
    > > ====================================================
    > >
    > > ====isokiti.tv zone on LAN name server(for LAN)=====
    > > ...skip...
    > > $ORIGIN isokiti.tv
    > > win IN A 192.168.0.10
    > > mac IN A 192.168.0.11
    > > sun IN A 192.168.0.12
    > > localdns IN A 192.168.0.53
    > > ...skip...
    > > ====================================================
    > >
    > > Each DNS has isokiti.tv zone, but the contents in each zone are different.
    > >
    > > I tried several methods(view, forwarder, etc.), but cannot do what I
    > > want to do.
    > >
    > >
    > > When I dig sun.isokiti.tv from winPC in LAN to LAN dns, then I can get a
    > > correct response from LAN dns.
    > >
    > > But when I dig mx.isokiti.tv from winPC in LAN to LAN dns, then I cannot
    > > get a correct response from LAN dns.
    > > (LAN dns doesn't forward this query to DMZ dns but responds with NXDOMAIN)

    >
    > Forwarding is only done for zones the server isn't authoritative for.
    > Since the LAN server is authoritative for isokiti.tv, it never forwards
    > anything in this zone. You even said this up above, when you described
    > what you wanted to do.
    >
    > You'll need to copy all the records from the DMZ server to the LAN
    > server.
    >
    >

    Thank you for the reply; I understand.

    I set up the LAN server as follows.
    - make an isokiti.tv.local.zone file having only the A records in LAN.
    - register a cron job that runs a script which fetches the isokiti.tv zone from the DMZ server,
    appends '$INCLUDE "local/isokiti.tv.local.zone"' to the zone file from DMZ,
    updates the serial number properly
    and executes "rndc reload isokiti.tv".
    - register the isokiti.tv zone and the zone file from DMZ as master in named.conf.

    It is very winding but works well so far.

    If there is a smarter method, please teach me.

    BTW, I'm starting to feel like it isn't a burden to anybody and has no problem
    even if the A records with private IP addresses in LAN are disclosed...
    I might have wasted my time.


    Thank you very much.

    --
    isobetti
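As an added example (not isobetti's actual cron script and not anything shipped with BIND), here is one way to implement the rebuild step described in this reply. It also makes Barry's point concrete: because named.conf declares isokiti.tv as a master zone on the LAN server, forwarding never happens for names in that zone, so every record a LAN client should resolve has to end up in the LAN zone file. The script merges the public records fetched from the DMZ with a LAN-only include file, bumps the SOA serial so caches and slaves pick up the change, and leaves the private addresses out of the DMZ copy. File names, the 203.0.113.x addresses and the date passed in are constructed sample values.

```shell
#!/bin/sh
# Added example (not the poster's script): rebuild the LAN copy of the
# isokiti.tv zone from a file fetched from the DMZ server plus a LAN-only
# include file, bump the SOA serial, and (on a real server) reload the zone.
# All paths, addresses and dates below are constructed sample data.
set -e

# Print a YYYYMMDDnn serial strictly greater than $1, given today's date $2.
# The date is a parameter rather than $(date +%Y%m%d) so the logic is testable.
next_serial() {
    old=$1
    today=$2
    if [ "$old" -lt "${today}01" ]; then
        echo "${today}01"       # first change today (or old serial not date based)
    else
        echo $((old + 1))        # same day, or old serial already ahead: increment
    fi
}

# Rewrite the serial in zone file $1 using today's date $2; print the new value.
# Assumes the usual hand-written BIND layout: SOA serial on its own line,
# followed by a "; serial" comment (as a copy of the master file would have).
bump_zone_serial() {
    zone=$1
    today=$2
    old=$(awk '/;[[:space:]]*[Ss]erial/ { print $1; exit }' "$zone")
    [ -n "$old" ] || { echo "no '; serial' line found in $zone" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    awk -v new="$new" \
        '/;[[:space:]]*[Ss]erial/ && !done { sub(/[0-9]+/, new); done = 1 } { print }' \
        "$zone" > "$zone.tmp"
    mv "$zone.tmp" "$zone"
    echo "$new"
}

# $1 = zone file copied from the DMZ server, $2 = LAN-only include file,
# $3 = today's date, $4 = output zone file that named.conf points at.
# The $INCLUDE is appended to the output only, so the DMZ copy never carries
# the private records. Prints the new serial.
build_lan_zone() {
    cp "$1" "$4"
    printf '$INCLUDE "%s"\n' "$2" >> "$4"
    bump_zone_serial "$4" "$3"
}

# Stand-alone demonstration with constructed files in a temporary directory.
demo() {
    dir=$(mktemp -d)
    # Stand-in for the zone file copied (e.g. with scp) from the DMZ server.
    cat > "$dir/isokiti.tv.dmz" <<'EOF'
$TTL 3600
$ORIGIN isokiti.tv.
@   IN SOA dns.isokiti.tv. hostmaster.isokiti.tv. (
        2008051501 ; serial
        3600 900 604800 300 )
    IN NS  dns.isokiti.tv.
dns IN A   203.0.113.10
www IN A   203.0.113.11
mx  IN A   203.0.113.12
EOF
    # LAN-only records; the trailing dot on $ORIGIN makes the origin absolute.
    cat > "$dir/isokiti.tv.local.zone" <<'EOF'
$ORIGIN isokiti.tv.
win      IN A 192.168.0.10
mac      IN A 192.168.0.11
sun      IN A 192.168.0.12
localdns IN A 192.168.0.53
EOF
    new=$(build_lan_zone "$dir/isokiti.tv.dmz" "$dir/isokiti.tv.local.zone" \
                         20080515 "$dir/isokiti.tv.zone")
    echo "new serial: $new"
    cat "$dir/isokiti.tv.zone"
    # On the real server the cron job would finish with a syntax check before
    # reloading, so a bad fetch cannot take the zone down:
    #   named-checkzone isokiti.tv /var/named/isokiti.tv.zone && rndc reload isokiti.tv
    rm -rf "$dir"
}

demo
```

Three caveats a practitioner would want. The serial rewrite assumes the multi-line SOA layout with a `; serial` comment; output captured from `dig axfr` puts the whole SOA on one line, so the awk would need adjusting for that source. The `$INCLUDE` path is resolved relative to named's `directory` option, so write the path named sees, not the cron user's working directory. And `$ORIGIN isokiti.tv` without a trailing dot, as in the snippets quoted above, is relative to the current origin and would make the following names `win.isokiti.tv.isokiti.tv`; the example uses `isokiti.tv.` for that reason. If the fetch is done by zone transfer, restricting `allow-transfer` on the DMZ server to the LAN server's address keeps the public zone from being enumerable by anyone else.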

