Re: view function of bind 9


 



Hello Tim,

For the view and (master / slave) problem...
How do I configure the DNS as follows:
1. Transfer the Master Internal Zone file to the Slave Internal Zone.
2. Transfer the Master External Zone file to the Slave External Zone.

PS: This is because the domain_name is the same for Internal / External!

Edward.

Tim wrote:
On Tue, 2007-04-03 at 07:52 +0800, edwardspl@xxxxxxxxxx wrote:
  
Is there a simple sample for setting up Internal and External DNS?
    
Something *like* the following sets of examples, but not exactly.  Just
use it as a starting guide while you read the manual files for the name
server.

The filenames are purely my own choice, they're not a standard scheme.
And the time periods I've used suit my LAN which has frequent
experimental changes, but wouldn't be very appropriate for public use.
You'll notice that the zone files have some information that's the same
for local and external answers (e.g. they all use example.com), yet
there are appropriate variances (e.g. the IP addresses).

Within a named.conf file (as well as what else is there):

------------------- begin sample ---------------------
view  lan_resolver {
        match-clients      { localhost; };
        match-destinations { localhost; };
        include "/etc/lan.conf";
        include "/etc/rndc.key";
};

view  publicnet_resolver {
        include "/etc/publicnet.conf";
        include "/etc/rndc.key";
};
-------------------- end sample -----------------------

This defines separate locations for configuring the internal and
external handling.  It could be done in one named.conf file, but some
people prefer individual configuration files for the custom bits.  The
choice is yours, dependent on how you want to manage Fedora updates to
the BIND packages.  This is the beginning point for what makes a DNS
server respond differently to internal or external queries.  You may
need to change the match-clients parts for both sections to suit
yourself.  It's a fair bet that you *will* have to.  Don't ask me how to
do that, read the manual, the documentation, or visit their website.



A lan.conf file:

------------------- begin sample ---------------------
// "masters" is only valid in slave/stub zones; named rejects it in a
// "type master" zone, so it is not set here.
zone "example.com" {
        type master;
        file  "lan.example.com.zone";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file  "lan.1.168.192.in-addr.arpa.zone";
};
-------------------- end sample -----------------------

This sets up the files that will be used for answering lan queries,
they're separate zone record files from the ones for the public answers.



A publicnet.conf file:

------------------- begin sample ---------------------
// "masters" is only valid in slave/stub zones; named rejects it in a
// "type master" zone, so it is not set here.
zone "example.com" {
        type master;
        file  "public.example.com.zone";
};

zone "34.0.192.in-addr.arpa" {
        type master;
        file  "public.34.0.192.in-addr.arpa.zone";
};
-------------------- end sample -----------------------

This sets up the files that will be used for answering public queries,
they're separate zone record files from the ones for the internal answers.



A lan.example.com.zone file:

------------------- begin sample ---------------------
$ORIGIN .
$TTL 259200     ; 3 days
example.com       IN SOA  ns.example.com. hostmaster.example.com. (
                                227        ; serial
                                300        ; refresh (5 minutes)
                                900        ; retry (15 minutes)
                                691200     ; expire (1 week 1 day)
                                345600     ; minimum (4 days)
                                )
                        NS      ns.example.com.
                        A       192.168.1.2
                        MX      1 mail.example.com.
$ORIGIN example.com.
www                     A       192.168.1.10
ns                      A       192.168.1.2
-------------------- end sample -----------------------

This is the file that provides IP address answers to local name queries.



A lan.1.168.192.in-addr.arpa.zone file:

------------------- begin sample ---------------------
$ORIGIN .
$TTL 259200     ; 3 days
1.168.192.in-addr.arpa  IN SOA  ns.example.com. hostmaster.example.com. (
                                608        ; serial
                                300        ; refresh (5 minutes)
                                900        ; retry (15 minutes)
                                691200     ; expire (1 week 1 day)
                                345600     ; minimum (4 days)
                                )
                        NS      ns.example.com.
$ORIGIN 1.168.192.in-addr.arpa.
10                       PTR     www.example.com.
-------------------- end sample -----------------------

This is the file that provides reverse lookups (what names belong to a
queried IP) for local queries.



A public.example.com.zone file:

------------------- begin sample ---------------------
$ORIGIN .
$TTL 259200     ; 3 days
example.com       IN SOA  ns.example.com. hostmaster.example.com. (
                                227        ; serial
                                300        ; refresh (5 minutes)
                                900        ; retry (15 minutes)
                                691200     ; expire (1 week 1 day)
                                345600     ; minimum (4 days)
                                )
                        NS      ns.example.com.
                        A       192.0.34.43
                        MX      1 mail.example.com.
$ORIGIN example.com.
www                     A       192.0.34.166
ns                      A       192.0.34.43
-------------------- end sample -----------------------

This is the file that provides IP address answers to external name
queries.



A public.34.0.192.in-addr.arpa.zone file:

------------------- begin sample ---------------------
$ORIGIN .
$TTL 259200     ; 3 days
34.0.192.in-addr.arpa  IN SOA  ns.example.com. hostmaster.example.com. (
                                608        ; serial
                                300        ; refresh (5 minutes)
                                900        ; retry (15 minutes)
                                691200     ; expire (1 week 1 day)
                                345600     ; minimum (4 days)
                                )
                        NS      ns.example.com.
$ORIGIN 34.0.192.in-addr.arpa.
166                     PTR     www.example.com.
-------------------- end sample -----------------------

This is the file that provides reverse lookups (what names belong to a
queried IP) for external queries.

I worked this all out from reading the manuals.  If you can't do this
for yourself, it's time to start paying someone to help you.  I've spent
the last hour, or so, copying and pasting things from my name servers,
and removing the extraneous and private data.
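
Added example, not part of the original thread and not either poster's configuration: one common way to do the per-view transfer asked about above is to give each view its own TSIG key, so that the key on a transfer request (not the source address) decides which view on the master answers it. The slave address 192.168.1.3, the key names, the "slaves/" directory and the secrets are assumptions or placeholders; the views are cut down to the transfer-related lines and the reverse zones follow the same pattern.

```conf
// Both servers: one TSIG key per view. Secrets are placeholders and must be
// replaced with real base64 secrets before named will load this.
key "xfer-lan"    { algorithm hmac-sha256; secret "PLACEHOLDER-LAN-SECRET"; };
key "xfer-public" { algorithm hmac-sha256; secret "PLACEHOLDER-PUBLIC-SECRET"; };

// ---- named.conf on the master, 192.168.1.2 ----
view lan_resolver {
        // Views are tried in order; a request signed with the public key
        // must be refused here so that it falls through to the next view.
        match-clients  { !key xfer-public; key xfer-lan; localhost; };
        allow-transfer { key xfer-lan; };
        server 192.168.1.3 { keys { xfer-lan; }; };    // signs NOTIFY to slave
        zone "example.com" { type master; file "lan.example.com.zone"; };
};
view publicnet_resolver {
        match-clients  { key xfer-public; any; };
        allow-transfer { key xfer-public; };
        server 192.168.1.3 { keys { xfer-public; }; };
        zone "example.com" { type master; file "public.example.com.zone"; };
};

// ---- named.conf on the slave, 192.168.1.3 (assumed address) ----
view lan_resolver {
        match-clients  { !key xfer-public; key xfer-lan; localhost; };
        allow-transfer { none; };
        server 192.168.1.2 { keys { xfer-lan; }; };    // signs SOA/AXFR to master
        zone "example.com" {
                type slave;
                masters { 192.168.1.2; };
                file "slaves/lan.example.com.zone";
        };
};
view publicnet_resolver {
        match-clients  { key xfer-public; any; };
        allow-transfer { none; };
        server 192.168.1.2 { keys { xfer-public; }; };
        zone "example.com" {
                type slave;
                masters { 192.168.1.2; };
                file "slaves/public.example.com.zone";
        };
};
```

Restricting allow-transfer to the view's own key also means an unsigned AXFR request from any other host is refused in both views.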

  

