DNS configuration


ltrain
05-05-2001, 04:53 PM
Does anyone have any suggestions on how to configure a DNS server with two separate subnets? Situation: attempting to configure a LAN with a local (private) DNS server and internet-connected (public) servers on a public DNS subnet -- all while using one named.conf and db* file(s).

Configured both named.conf + db files (changed the NS servers' A record to the public IP) + resolv.conf and restarted named, but now the LAN clients are having difficulty logging into the network. The network seems to be confused about who is who.

Can you have 2 A records in the db files? One for Intranet and one for Internet?

Help?

bdl
05-05-2001, 05:46 PM
This is fairly common on a 'dual-homed' server where you've got one leg in the ether and the other in your private net. What you essentially want to do is create different zones for your external and internal name space. You'll have two sets of zone db files that delegate the two areas of your network.

A good way to do this security-wise is to actually run two servers, one listening on your external interface and the other listening on the internal. CHROOT the external, run it as a non-root uid/gid and allow it to *only* listen on the external interface. Running the internal is basically the same, but due to the controls you can set, and also running it as a non-root uid/gid, I'd say you'd be alright to run it outside a CHROOT jail. What happens in this case is, the external server only knows about its public namespace, and will never allow persons on the outside to do zone transfers on your internal private subnet. The /etc/resolv.conf file points to the internal server's address so the machine can query local names and allow mail and other services to resolve properly. A lot has been written on the subject, so I won't go into details, but here are a few quick links:

Mr DNS Archive (http://www.acmebw.com/askmrdns/)
Chroot DNS HOWTO (http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Chroot-BIND-HOWTO.html)
DNS HOWTO (http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/DNS-HOWTO.html)

Luck!
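As an added illustration (not from either poster) of the two-server layout bdl describes, here are constructed BIND named.conf fragments for the external and internal instances; the domain example.com, the addresses 203.0.113.0/24 (public) and 192.168.1.0/24 (private), the chroot path and the file names are all placeholders, and the two zone files answer ltrain's question: the same name gets one A record in each zone file, not two A records in one file.

```conf
# /etc/named-external.conf (constructed example). Start it with:
#   named -u named -t /chroot/named -c /etc/named-external.conf
# so it runs as the unprivileged "named" user inside the chroot.
options {
    directory "/var/named";            # relative to the chroot root
    listen-on { 203.0.113.10; };       # public interface only
    recursion no;                      # authoritative answers only
    allow-transfer { none; };          # no zone transfers unless a zone allows them
};
zone "example.com" {
    type master;
    file "db.example.com.external";   # public names and addresses only
    allow-transfer { 203.0.113.11; }; # the public secondary, nothing else
};
# /chroot/named/var/named/db.example.com.external (public zone data):
#   $TTL 86400
#   @     IN SOA ns1.example.com. hostmaster.example.com. (
#                2001050501 3600 900 604800 86400 )
#         IN NS  ns1.example.com.
#         IN MX  10 mail.example.com.
#   ns1   IN A   203.0.113.10
#   www   IN A   203.0.113.20
#   mail  IN A   203.0.113.21

# /etc/named-internal.conf (constructed example). Start it with:
#   named -u named -c /etc/named-internal.conf
options {
    directory "/var/named";
    listen-on { 127.0.0.1; 192.168.1.1; };          # private interface only
    allow-query { 127.0.0.1; 192.168.1.0/24; };     # LAN clients only
    allow-transfer { none; };
};
zone "example.com" {
    type master;
    file "db.example.com.internal";   # same names, private addresses
};
zone "1.168.192.in-addr.arpa" {       # reverse lookups for the LAN
    type master;
    file "db.192.168.1";
};
# /var/named/db.example.com.internal (same SOA/NS/MX lines as above):
#   ns1        IN A   192.168.1.1
#   www        IN A   192.168.1.20
#   mail       IN A   192.168.1.21
#   fileserver IN A   192.168.1.30    # internal-only host; absent from public zone
```

The server's own /etc/resolv.conf would then carry `nameserver 192.168.1.1`, and `dig @203.0.113.10 fileserver.example.com` from outside should return no answer, which is the quick check that the internal names are not leaking.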