Thomas Cameron wrote:
| On Tue, 2008-05-27 at 07:44 -0700, Daniel B. Thurman wrote:
| > I have a setup as follows:
| >
| > 1) ISP->pass-thru-DSL-router->firewall-appliance w/ NAT support
| > 2) NAT->DNS(Internet)
| >
| > Let's assume:
| > a) ISP provided static IP is: 111.111.111.1
| > b) Firewall allows access to DNS port 53
| > c) Intranet addresses are: 10.0.0.x
| >
| > Q1: In setting up a DNS server for Internet,
| > is it required that I set up a mydomain.com
| > zone for 111.111.111.x addresses or can I
| > use 10.0.0.x addresses since NAT is involved?
| >
| > What I am trying to understand here, am I required
| > to set up separate DNS servers, one for Internet
| > (for 111.111.111.x) and one for Intranet (for 10.0.0.x)?
| >
| > The trouble that I am running into is that I am not able
| > to get reverse DNS to work even though I have PTR fields
| > defined but they are of 10.0.0.x addresses and I am not
| > seeing rDNS resolvers.
|
| Where is your DNS server? Is it behind the firewall?

Yes.

| Here's what I have:
|
| *) 1 Linux firewall connected to my ISP (public address) - uses iptables
| with SNAT so the internal private network can get to the Internet.
|
| *) 2 machines inside the firewall running forward and reverse DNS, DHCP
| and so on. My internal network is called something like "mynet.lan" so
| that it can never get confused with any outside DNS namespace.
|
| *) All machines inside the firewall look at the internal DNS server so
| that they can resolve correctly. Any lookups for which the DNS server
| is not authoritative get sent out through the firewall.
|
| This works flawlessly for me.

What is not clear is, is your DNS setup using your private IP addresses only - i.e., are you using your static public IP addresses or are you using your private IP addresses or both?

I have a firewall appliance (SonicWall), so I am trying to set up things using it and looking for a basic solution.

I tried, for example, using the same "mydomain.com" zone, adding both public and private IP addresses, which I found to be unmanageable, so I decided to drop the public IP addresses in my "mydomain.com" zone, until I have a clear understanding of the proper way of setting up a home-based DNS server handling both public and private IP addresses.

As mentioned before, I had assumed that NAT can somehow handle public/private IP address translation and if so, rDNS should work assuming that the PTRs are properly defined even though I am using only private IP addresses?

I have seen many different ways of setting up DNS servers, the traditional way being two separate DNS servers, one for the "outside (Internet)" and one for the "inside (Intranet)". The Internet DNS server is usually placed on the DMZ port of your firewall appliance, and the Intranet DNS server is placed behind the firewall. This seems to be a waste of hardware, especially for a home-based setup where hardware costs are a little more expensive.

Any suggestions?

Dan

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
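A split-horizon layout for the setup discussed above, as an added example (not a configuration posted by anyone in this thread): a single BIND 9 server behind the firewall serving an internal and an external view, so no second box is needed. Assumed: the server is 10.0.0.2, the SonicWall forwards 111.111.111.1 port 53 to it, and the 10.0.0.x PTR records exist only in the internal view, because the reverse zone for a public address (111.111.111.in-addr.arpa) is served by the ISP unless the ISP delegates it to you.

```conf
// named.conf (excerpt): one server, two views. Added example, not from the thread.
// Assumed: this server is 10.0.0.2; the SonicWall forwards 111.111.111.1:53 to it.
acl "intranet" { 10.0.0.0/24; 127.0.0.1; };

options {
    directory "/var/named";
    allow-transfer { none; };     // no zone transfers to arbitrary clients
};

// Internal view, matched first: answers with 10.0.0.x and recurses
// (forwards non-authoritative lookups out through the firewall)
// only for intranet clients.
view "internal" {
    match-clients { "intranet"; };
    recursion yes;
    zone "mydomain.com" {
        type master;
        file "internal/mydomain.com.zone";   // A records point at 10.0.0.x
    };
    zone "0.0.10.in-addr.arpa" {
        type master;
        file "internal/10.0.0.rev";          // PTR records for 10.0.0.x live only here
    };
};

// External view: everyone else. Public addresses only, no recursion,
// so the box is not an open resolver and never leaks 10.0.0.x names.
view "external" {
    match-clients { any; };
    recursion no;
    zone "mydomain.com" {
        type master;
        file "external/mydomain.com.zone";   // A records point at 111.111.111.1
    };
    // No reverse zone here on purpose: an outside resolver doing rDNS on
    // 111.111.111.1 queries 1.111.111.111.in-addr.arpa, which is delegated
    // to the ISP, not to this server. 10.0.0.x PTRs are never consulted
    // from the Internet, which is why they appear not to work.
};
```

The only record outside resolvers will use for rDNS is the PTR the ISP publishes for 111.111.111.1; ask the ISP to set it (or delegate the reverse zone) if you need it to name your host.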