Bind 9 Question

Hans Fugal hans at fugal.net
Sat Dec 1 11:40:04 MST 2007


I have a semi-similar setup here. I have a lan tld, and my fugal.net
domain both served off of a server on my lan named falcon. Naturally I
don't want to serve up lan to the world, so I have a setup like what you
are asking for. I don't give a different view of fugal.net, but I could.
This is on Debian.

/etc/bind/named.conf:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";

named.conf.options is rather boring.

named.conf.local:
view "internal" {
    include "/etc/bind/named.conf-internal";
    include "/etc/bind/named.conf-common";
};
view "external" {
    include "/etc/bind/named.conf-external";
    include "/etc/bind/named.conf-common";
}; // view "external"

named.conf-internal:
match-clients { 172.16.0.0/12; 127.0.0.1; };
recursion yes;

//zone "fugal.net" {
//	type master;
//	file "/etc/bind/db.fugal.net-internal";
//};

zone "lan" {
    type master;
    file "/etc/bind/dyn/db.lan";
    allow-update { 172.17.0.0/24; };
};
zone "0.17.172.in-addr.arpa" {
    type master;
    file "/etc/bind/dyn/db.172.17.0";
    allow-update { 172.17.0.0/24; };
};

The external view is similar but for external queries, obviously. The
part I have commented out above is where you would accomplish what you
want. But, if I'm reading it right you might want to proxy the requests
for charlescurley.com on to your nameserver out on the tubes. If that's
the case, you might be able to do some trick with forwarding and
(non)authoritativeness. I would probably either go with the two explicit
views (generated by a script and makefile if you want to avoid repeating
yourself), or using an experimental domain or subdomain (which makes
deployment a bit less tested).


On Fri, 30 Nov 2007 at 21:16 -0700, Charles Curley wrote:
> I have a domain, charlescurley.com, with its name, etc. served by
> domain name servers out there on the net somewhere. I also have my
> local area network, with machines like foo, bar, and baz. The network
> is NATted and not visible outside of the firewall.
> 
> I currently use the TLD "localdomain" for the LAN, so resolv.conf
> looks like:
> 
> root@dragon:/etc# cat resolv.conf
> search localdomain
> nameserver 192.168.1.3
> nameserver 192.168.1.4
> 
> I set up an experimental server on a test machine which has the domain
> "charlescurley.com" and is authoritative for it. Since it is on the
> LAN, only machines on the LAN can see it or use it. I have local
> machines working correctly, e.g. foo.charlescurley.com resolves
> correctly. Its resolv.conf looks like:
> 
> root@phoenix:/var/named/etc/sites# cat /etc/resolv.conf
> search charlescurley.com
> nameserver 192.168.1.47
> 
> The local machines are on 192.168.1.0/24, but the server for
> charlescurley.com isn't.
> 
> The question is, how do I get the local name server to correctly serve
> up "charlescurley.com" (and "www.charlescurley.com", an alias for
> charlescurley.com) to the local network.
> 
> I already know I can stick it in /etc/hosts, but that has all the
> problems that using /etc/hosts normally has. I'd like to do it with
> bind.
> 
> Thanks
> 
> -- 
> 
> Charles Curley                  /"\    ASCII Ribbon Campaign
> Looking for fine software       \ /    Respect for open standards
> and/or writing?                  X     No HTML/RTF in email
> http://www.charlescurley.com    / \    No M$ Word docs in email
> 
> Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB


-- 
Hans Fugal ; http://hans.fugal.net
 
There's nothing remarkable about it. All one has to do is hit the 
right keys at the right time and the instrument plays itself.
    -- Johann Sebastian Bach
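
Added example, not part of the original post or of BIND itself: a small Python model of the first-match view selection that the internal/external setup above relies on, used to check that outside clients never land in a view serving the "lan" zones or allowing recursion. The external view's settings (match-clients any, recursion no, a fugal.net zone) and the probe addresses are assumptions, since the post only says the external view is "similar".

```python
import ipaddress

# Constructed model of the views in the post, in named.conf order. The
# "external" entries are assumptions; the post does not show that file.
VIEWS = [
    {"name": "internal", "match_clients": ["172.16.0.0/12", "127.0.0.1/32"],
     "recursion": True, "zones": ["lan", "0.17.172.in-addr.arpa"]},
    {"name": "external", "match_clients": ["0.0.0.0/0"],
     "recursion": False, "zones": ["fugal.net"]},
]
PRIVATE_ZONES = {"lan", "0.17.172.in-addr.arpa"}

def select_view(views, client):
    """Return the first view whose match-clients covers client (BIND uses first match)."""
    addr = ipaddress.ip_address(client)
    for view in views:
        if any(addr in ipaddress.ip_network(net) for net in view["match_clients"]):
            return view
    return None  # no view matched: named refuses the query

def audit(views, probes):
    """Check each (client, is_lan) probe; return findings for non-LAN clients."""
    findings = []
    for client, is_lan in probes:
        view = select_view(views, client)
        if view is None or is_lan:
            continue
        leaked = PRIVATE_ZONES & set(view["zones"])
        if leaked:
            findings.append(f"{client} -> {view['name']}: sees {sorted(leaked)}")
        if view["recursion"]:
            findings.append(f"{client} -> {view['name']}: recursion allowed")
    return findings

# Constructed probe addresses: one LAN host, loopback, and one outside host
# (203.0.113.0/24 is a documentation range).
PROBES = [("172.17.0.25", True), ("127.0.0.1", True), ("203.0.113.9", False)]

if __name__ == "__main__":
    print(audit(VIEWS, PROBES) or "no leaks")
    # Same views with the order swapped: "any" now shadows the internal view.
    print(select_view(list(reversed(VIEWS)), "172.17.0.25")["name"])
```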