[KLUG Members] LAN's and DNS

Bruce Smith members@kalamazoolinux.org
30 Aug 2002 10:57:30 -0400


> >Okay, so address 192.168.1.0/24, e.g., is "invisible" to the outside
> >world. Cool. But what about internal address NAMES? Since our ISP is the
> >NS for caresswm.org (the www. name and the MX records) and since I DON'T
> >want to serve as our own authoritative NS to the Real World(tm), what do
> >I do? 
> 
> You create a "split horizon".  In effect you're already doing it on the IP level
> with NAT,  your inside machines have a different view of the world than those
> standing outside and looking at you.
> 
> >1. If I can set bind to go out to the ISP for unknown addresses, I can
> >   name all the machines thisandthat.caresswm.org and just leave
> >   www.caresswm.org undefined. Do I set myself as a slave of our ISP, or
> >   do I use the "hints" option?
> >2. Fictional names: I can just tell the machines they are in domain
> >   cares.lan, which is not unlike the 192 addresses in that they don't
> >   exist on the greater internet. Assuming my MTA knows to stamp mail
> >   with the proper domain (and it does), and I have no other services to
> >   the outside world (aside from AUTH), is this a good plan?
> 
> The master internal bind server here is SOA for morrison-ind.com (and others). 
> So internal clients get a direct answer from him (or her, depends on how the day
> is going).  There is also a "real" SOA in the outside world.  In the real SOA
> there are typically VERY few records: www, mail, and one or two MXs.  I simply
> add the www address to the internal SOA (mail and MX are different internally).
>  So if the external hosting company changes the IP on their webserver(s) then my
> internal people won't be able to see the extranet page until I update it.  But
> in ~4 years that has never happened.
> 
> Would be pretty trivial to write a cron job to check the ISP SOA for www and
> nsupdate the internal master,  but in ~4 years....

I was confused for a minute, but I see your web server is hosted by an
external company.

Here, we run our own web server in house, where it has a private IP on
the DMZ (converted to a real IP by NAT for external queries).

Your answer assumed that www.caresswm.org was hosted externally, and I was
assuming that it was internal like mine.

So Peter, use whichever solution fits your actual setup!  :-)

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------
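The "split horizon" the quoted reply describes, written out as a BIND 9 named.conf with two views. This is an added example, not the configuration of either poster; every name and address in it is an assumption (192.168.1.0/24 as the LAN, 203.0.113.10 as the externally hosted web server, 198.51.100.53 as the ISP's resolver, the zone file paths and the TSIG key name). The internal view is authoritative for caresswm.org and carries the LAN hosts plus a copy of the www record; the external view deliberately carries no zone, because the ISP's servers stay the authoritative ones the outside world sees.

```conf
// Added example, not the list post's configuration. All names, addresses
// and paths are assumed.

acl "internal" { 192.168.1.0/24; 127.0.0.1; };

// TSIG key that the www sync job uses; the only thing allowed to change the
// internal zone dynamically. Older BIND releases only know hmac-md5.
key "sync-www" {
    algorithm hmac-sha256;
    secret "cGxhY2Vob2xkZXItbm90LWEtcmVhbC1rZXk=";   // placeholder, not a real key
};

options {
    directory "/var/named";
    // Send names this box is not authoritative for to the ISP's resolver
    // instead of walking the root hints.
    forwarders { 198.51.100.53; };
    forward only;
};

// Inside view: what the LAN sees. caresswm.org has thisandthat.caresswm.org
// and friends with 192.168.1.x addresses, plus www copied from the ISP zone
// with the public address (203.0.113.10 here), and internal mail/MX records.
view "internal" {
    match-clients { internal; };
    recursion yes;
    zone "caresswm.org" {
        type master;
        file "internal/caresswm.org.zone";
        allow-update { key "sync-www"; };
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "internal/1.168.192.in-addr.arpa.zone";
    };
};

// Outside view: no zones at all and no recursion, so even if a packet from
// the Real World reaches this box it learns nothing about the LAN and cannot
// use the server as an open resolver.
view "external" {
    match-clients { any; };
    recursion no;
};
```

The check worth running after loading this: query the box from a LAN address and from a non-LAN address (or with `dig -b` bound to each) and confirm the outside query gets REFUSED for caresswm.org while the inside one gets the www address. If NAT already hides the server from the Internet, the external view is belt and braces; it costs nothing and catches a firewall rule that later goes wrong.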
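The cron job the quoted reply calls "pretty trivial" (check the ISP's server for www, nsupdate the internal master when it changes), as an added example rather than anything either poster ran. The zone, the ISP server name, the TSIG key file and the internal master's address are placeholders; the script assumes BIND's `dig` and `nsupdate` are installed and that the internal zone allows updates signed with that key.

```shell
#!/bin/sh
# Added example (not from the list post): keep the www A record in the
# internal split-horizon master in step with the ISP's authoritative server.
# Zone, server names, key file and internal master address are all assumed.

ZONE="caresswm.org"
HOST="www.caresswm.org"
EXT_NS="ns1.isp.example"            # assumed: the ISP's authoritative server
INT_NS="127.0.0.1"                  # assumed: internal master runs on this box
KEYFILE="/etc/named/sync-www.key"   # assumed: TSIG key allowed to update the zone
TTL=3600

# Keep only IPv4 addresses from "dig +short" output (it also prints the CNAME
# target when www is an alias) and sort them so answer sets compare stably.
filter_a() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort
}

# Ask one server for the A record(s) of a name.
lookup_a() {
    dig @"$1" +short "$2" A | filter_a
}

# Exit 0 when the two answer sets differ, i.e. an update is needed.
needs_update() {
    [ "$1" != "$2" ]
}

# Emit an nsupdate script that replaces every A record for the name with the
# addresses read from stdin (one per line), as one atomic update.
build_update() {
    zone="$1"; name="$2"; ttl="$3"
    printf 'server %s\n' "$INT_NS"
    printf 'zone %s\n' "$zone"
    printf 'update delete %s. A\n' "$name"
    while read -r ip; do
        if [ -n "$ip" ]; then
            printf 'update add %s. %s A %s\n' "$name" "$ttl" "$ip"
        fi
    done
    printf 'send\n'
}

main() {
    ext=$(lookup_a "$EXT_NS" "$HOST")
    int=$(lookup_a "$INT_NS" "$HOST")
    # An empty external answer (ISP down, query refused, SERVFAIL) must never
    # be taken as "www has no address" and wipe the internal record.
    if [ -z "$ext" ]; then
        echo "no A answer for $HOST from $EXT_NS; internal zone left unchanged" >&2
        exit 1
    fi
    if needs_update "$ext" "$int"; then
        printf '%s\n' "$ext" | build_update "$ZONE" "$HOST" "$TTL" | nsupdate -k "$KEYFILE"
        echo "updated $HOST to: $(printf '%s' "$ext" | tr '\n' ' ')" >&2
    fi
}

# Do the live check only when invoked as "sync-www.sh run" (e.g. from cron);
# without arguments the file just defines the functions above.
if [ "${1:-}" = "run" ]; then
    main
fi
```

A crontab line such as `*/30 * * * * /usr/local/sbin/sync-www.sh run` is enough; the TTL on the internal record bounds how long clients keep the old address after a change. Two things to keep in mind: the script trusts whatever the ISP's server answers over plain UDP, so a spoofed or compromised answer there lands in the internal zone, which is why the empty-answer guard exists and why the key in the update is scoped to this one zone; and the diff compares whole answer sets, so a www that is round-robined across several addresses is copied completely rather than flapping between single entries.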