Dear Tim,

Is it needed to use TSIG to select the appropriate view?

Tim wrote:

On Tue, 2007-04-03 at 07:52 +0800, edwardspl@xxxxxxxxxx wrote:
> Is there a simple sample for setting up internal and external DNS?

Something *like* the following sets of examples, but not exactly. Just use it as a starting guide while you read the manual files for the name server. The filenames are purely my own choice, they're not a standard scheme. And the time periods I've used suit my LAN which has frequent experimental changes, but wouldn't be very appropriate for public use.

You'll notice that the zone files have some information that's the same for local and external answers (e.g. they all use example.com), yet there are appropriate variances (e.g. the IP addresses).

Within a named.conf file (as well as what else is there):

------------------- begin sample ---------------------
view lan_resolver {
        match-clients { localhost; };
        match-destinations { localhost; };
        include "/etc/lan.conf";
        include "/etc/rndc.key";
};

view publicnet_resolver {
        include "/etc/publicnet.conf";
        include "/etc/rndc.key";
};
-------------------- end sample -----------------------

This defines separate locations for configuring the internal and external handling. It could be done in one named.conf file, but some people prefer individual configuration files for the custom bits. The choice is yours, dependent on how you want to manage Fedora updates to the BIND packages.

This is the beginning point for what makes a DNS server respond differently to internal or external queries. You may need to change the match-clients parts for both sections to suit yourself. It's a fair bet that you *will* have to. Don't ask me how to do that, read the manual, the documentation, or visit their website.
A lan.conf file:

------------------- begin sample ---------------------
// "masters" is only valid in slave/stub zones, so it is left out of these
// master zones (named-checkconf rejects it there).
zone "example.com" {
        type master;
        file "lan.example.com.zone";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "lan.1.168.192.in-addr.arpa.zone";
};
-------------------- end sample -----------------------

This sets up the files that will be used for answering LAN queries; they're separate zone record files from the public answers.

A publicnet.conf file:

------------------- begin sample ---------------------
zone "example.com" {
        type master;
        file "public.example.com.zone";
};

zone "34.0.192.in-addr.arpa" {
        type master;
        file "public.34.0.192.in-addr.arpa.zone";
};
-------------------- end sample -----------------------

This sets up the files that will be used for answering public queries; they're separate zone record files from the internal answers.

A lan.example.com.zone file:

------------------- begin sample ---------------------
$ORIGIN .
$TTL 259200     ; 3 days
example.com             IN SOA  ns.example.com. hostmaster.example.com. (
                                227        ; serial
                                300        ; refresh (5 minutes)
                                900        ; retry (15 minutes)
                                691200     ; expire (1 week 1 day)
                                345600     ; minimum (4 days)
                                )
                        NS      ns.example.com.
                        A       192.168.1.2
                        MX      1 mail.example.com.
$ORIGIN example.com.
www                     A       192.168.1.10
ns                      A       192.168.1.2
-------------------- end sample -----------------------

This is the file that provides IP address answers to local name queries.

A lan.1.168.192.in-addr.arpa.zone file:

------------------- begin sample ---------------------
$ORIGIN .
$TTL 259200     ; 3 days
1.168.192.in-addr.arpa  IN SOA  ns.example.com. hostmaster.example.com. (
                                608        ; serial
                                300        ; refresh (5 minutes)
                                900        ; retry (15 minutes)
                                691200     ; expire (1 week 1 day)
                                345600     ; minimum (4 days)
                                )
                        NS      ns.example.com.
$ORIGIN 1.168.192.in-addr.arpa.
10                      PTR     www.example.com.
-------------------- end sample -----------------------

This is the file that provides reverse lookups (what names belong to a queried IP) for local queries.

A public.example.com.zone file:

------------------- begin sample ---------------------
$ORIGIN .
$TTL 259200     ; 3 days
example.com             IN SOA  ns.example.com. hostmaster.example.com. (
                                227        ; serial
                                300        ; refresh (5 minutes)
                                900        ; retry (15 minutes)
                                691200     ; expire (1 week 1 day)
                                345600     ; minimum (4 days)
                                )
                        NS      ns.example.com.
                        A       192.0.34.43
                        MX      1 mail.example.com.
$ORIGIN example.com.
www                     A       192.0.34.166
ns                      A       192.0.34.43
-------------------- end sample -----------------------

This is the file that provides IP address answers to external name queries.

A public.34.0.192.in-addr.arpa.zone file:

------------------- begin sample ---------------------
$ORIGIN .
$TTL 259200     ; 3 days
34.0.192.in-addr.arpa   IN SOA  ns.example.com. hostmaster.example.com. (
                                608        ; serial
                                300        ; refresh (5 minutes)
                                900        ; retry (15 minutes)
                                691200     ; expire (1 week 1 day)
                                345600     ; minimum (4 days)
                                )
                        NS      ns.example.com.
$ORIGIN 34.0.192.in-addr.arpa.
166                     PTR     www.example.com.
-------------------- end sample -----------------------

This is the file that provides reverse lookups (what names belong to a queried IP) for external queries.

I worked this all out from reading the manuals. If you can't do this for yourself, it's time to start paying someone to help you. I've spent the last hour, or so, copying and pasting things from my name servers, and removing the extraneous and private data.
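The following is an added example of the view-selection part that the question above asks about and that Tim says you will have to adjust; it is not from either poster. It shows the two ways BIND can pick a view for a query: by the client's source address (an acl, the usual way for a LAN) and by a TSIG key named in match-clients (what the TSIG question is about). The acl name, the 192.168.1.0/24 network, the key name and the key material are assumed for illustration; the secret is a base64 placeholder, not a usable key.

```conf
// Added example, not from the original post: split-horizon named.conf
// fragment selecting views by source address and, optionally, by TSIG key.

// Assumed internal network. Tim's sample used only "localhost", which means
// only queries from the name server itself get the internal view.
acl "lan_nets" {
        localhost;
        192.168.1.0/24;
};

// A TSIG key (assumed name and placeholder secret). Generate real material
// with tsig-keygen; hmac-sha256 needs a BIND release that supports it,
// older ones only know hmac-md5.
key "internal-key" {
        algorithm hmac-sha256;
        secret "bm90LWEtcmVhbC1rZXk=";   // base64 of "not-a-real-key", placeholder only
};

// Views are tried in order and the first match wins, so the internal view
// must come first. A query is treated as internal if it arrives from a LAN
// address OR is signed with internal-key (e.g. an admin on a dynamic address).
view "lan_resolver" {
        match-clients { key "internal-key"; lan_nets; };
        recursion yes;
        allow-recursion { lan_nets; };
        include "/etc/lan.conf";
};

// Everything else: answer only for our own zones, never recurse for the
// Internet (avoids running an open resolver), and refuse zone transfers.
view "publicnet_resolver" {
        match-clients { any; };
        recursion no;
        allow-transfer { none; };
        include "/etc/publicnet.conf";
};

// Checking which view answers (expected results given the zone files above):
//   dig @ns.example.com www.example.com A
//       from 192.168.1.x -> 192.168.1.10, from elsewhere -> 192.0.34.166
//   dig @ns.example.com www.example.com A -y hmac-sha256:internal-key:bm90LWEtcmVhbC1rZXk=
//       from anywhere    -> 192.168.1.10 (the signature selects the LAN view)
```

So TSIG is not required to select a view: an address match list is enough, and that is what most split-horizon setups use. A key in match-clients is worth it only when internal clients cannot be identified by address. Note that signing the query only selects the view, it does not encrypt anything, and the secret still has to be distributed to each internal client out of band; also keep `recursion no` on the public view, since a split-horizon server that recurses for anyone is an open resolver.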