[KLUG Members] I have a couple questions.

Rich Clark rrclark at rrclark.net
Mon Aug 30 07:24:56 EDT 2004


On Sun, 29 Aug 2004, Jeremy Leonard wrote:

> I don't think I worded it wrong. The box I'm using IS the DNS for my public
> domain, elite4god.com. I want people on my LAN to resolve hosts in that
> domain to their 192.168.x.x addresses. You can't go out a NAT and back in, so
> if a user on my LAN enters www.elite4god.com into their browser it doesn't
> come up. They get unknown host. If I ping that DNS name I get the public
> address. I want to run two DNS servers, each one only listening on one NIC. The
> LAN side returns LAN addresses for my zone and the public side returns the
> public addresses. I don't want my users to have to use a different DNS name
> if they are on the LAN as opposed to when they are connected to the Internet
> through some other way.

I do exactly this, or used to, before WOW closed inbound port 53 on me.
However, doing DNS for a LAN is the same as you would any other domain.
ACLs help keep the riffraff outta the internal zonefile. I separate zone
files; the externally visible zone is rrclark.net; the internal zone is
private.rrclark.net. For the bastion server (similar to what you use) the
internal NIC is named rich.private.rrclark.net; external it's rrclark.net.

As to resources, there's no better investment than a personal copy of
O'Reilly's cricket book, DNS & BIND, and don't get anything earlier than
4th edition.

Lemme know if this is unclear.

Rich
-- 
"More & more, the IBM Nazgul appear to be relentless in their methodical
destruction of the SCO case, while SCO now give the impression of being a
headless, legless chicken, strapped to a barbeque, with the feathers 
becoming singed." - bishopi on http://www.groklaw.net re: SCO & IBM 
on 8/25/04
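
An added example, not part of Rich's message or his actual configuration: a BIND named.conf sketch of the layout he describes, with a public zone and a separate internal zone whose queries are restricted by an ACL. The zone names and the 192.168.x.x range come from the thread; the directory, zone file names, ACL name and loopback entry are assumptions.

```conf
// Added example: separate external and internal zones, with a query ACL
// guarding the internal one. Paths and file names are assumptions.

acl "lan" {
    127.0.0.1;                       // assumed: the server itself
    192.168.0.0/16;                  // LAN range mentioned in the thread
};

options {
    directory "/var/named";          // assumed path
    allow-recursion { "lan"; };      // outside clients get no recursion
    allow-transfer { none; };        // no zone transfers unless a zone overrides this
};

// Externally visible zone: public addresses only, answerable to anyone.
zone "rrclark.net" {
    type master;
    file "db.rrclark.net";           // assumed file name
    allow-query { any; };
};

// Internal zone: holds the 192.168.x.x records and is answered
// only for clients matching the "lan" ACL.
zone "private.rrclark.net" {
    type master;
    file "db.private.rrclark.net";   // assumed file name
    allow-query { "lan"; };
};
```

`named-checkconf` checks the file for syntax errors before a reload; a query for a private.rrclark.net name from an address outside the ACL should come back REFUSED.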