On Fri, Dec 17, 2004 at 03:14:50PM -0600, Nathaniel Hall wrote:
>
> I am new to DNS, but I have it mostly configured and working. The only
> part I am not able to figure out is a piece I am not sure can even be
> done. Here is the problem:
>
> We would like to be able to configure a DNS server for use within our
> DMZ for small internal servers. Our ISP maintains our external DNS
> presence so we do not want to make this our only point of resolution.
> I have set up the domain to resolve names inside of domain.com. If the
> site is not located internally...

This is a common goal/problem. It is discussed in the BIND FAQ and other documents. Start here...

http://www.isc.org/index.pl?/sw/bind/

I believe that you will find that all the 'external' touching hosts will have forward and reverse lookups maintained at your ISP (BTW: this is good...).

There are multiple solutions. Commonly folks build an internal and external view of their domain. Some wildcard magic DNS records and layers of MX records make things work.

Another trick is to build a subdomain. You have a small handful of gateway machines, hostnames and IP addresses. Then for the 'inside' there are subdomains that can be looked up and administered locally. Depending on routing policy you can expose those hosts or hide them (or mix).

Give some attention to the various IP address space for private internets:

# 10.0.0.0 - 10.255.255.255 (10/8 prefix)
# 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
# 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
# 169.254.x.x - APIPA, Automatic Private IP Address

N.B. (Note well) that private internets are not routed in normal ways (see host routes, NAT, and more). You do want to design in firewalls from the beginning. Cisco has had some good pages and docs on the web too.

--
T o m M i t c h e l l
spam unwanted email. SPAM, good eats, and a trademark of Hormel Foods.
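The two approaches the reply sketches, an internal/external view of the domain and a locally administered subdomain, can be combined in one BIND 9 named.conf. The following is an added example, not part of the thread and not ISC's or the poster's configuration; the zone name corp.example.com, the 192.168.10.0/24 DMZ range, the forwarder addresses and the file paths are all assumed. The ISP stays authoritative for the public zone, exactly as the reply recommends; this server only answers private names for clients in the RFC 1918 ranges listed above and refuses recursion to everyone else.

```conf
// Added example, not from the original post. Names, addresses and
// paths are illustrative; adapt the ACL to the private ranges you use.

acl "internal" {
    10.0.0.0/8;         // 10/8 prefix
    172.16.0.0/12;      // 172.16/12 prefix
    192.168.0.0/16;     // 192.168/16 prefix
    127.0.0.0/8;        // the server itself
};

options {
    directory "/var/named";
    recursion no;                 // default; the internal view overrides it
    allow-transfer { none; };     // no AXFR of private data to arbitrary hosts
    version "not disclosed";      // don't advertise the BIND version
};

// Internal view: only RFC 1918 clients match, get the private
// subdomain, the reverse zone for the DMZ segment, and recursion.
view "internal" {
    match-clients { "internal"; };
    recursion yes;
    allow-recursion { "internal"; };

    // Locally administered subdomain; example.com itself stays at the ISP.
    zone "corp.example.com" {
        type master;
        file "internal/corp.example.com.zone";
    };

    // Reverse lookups for the assumed 192.168.10.0/24 DMZ network.
    zone "10.168.192.in-addr.arpa" {
        type master;
        file "internal/10.168.192.in-addr.arpa.zone";
    };

    // Everything not served here goes to the ISP's resolvers (assumed addresses).
    forward only;
    forwarders { 198.51.100.53; 198.51.100.54; };
};

// External view: any other source address. No zones are loaded, so a
// query for corp.example.com from outside is refused instead of leaking
// private hostnames, and recursion is not offered to the Internet.
view "external" {
    match-clients { any; };
    recursion no;
    allow-recursion { none; };
};
```

Once BIND is running with views, every zone must live inside a view; a stray top-level `zone` statement is a syntax error, which `named-checkconf` will report before you reload. To confirm the split actually holds, query the same name from an internal address and from outside the private ranges: the internal query should return the private record, and the external one should come back REFUSED. Pair the `allow-transfer { none; }` line with a firewall rule that only admits TCP/UDP 53 from the DMZ and LAN, since the view split protects names, not the port.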