[CLUE-Tech] dns example

ian iguy at ionsphere.org
Thu Jul 3 06:41:02 MDT 2003


Mike,

There are two ways to deal with this.

1) Run split DNS views, where if the DNS query comes in on eth1 it 
responds with an internal IP list, and if it comes in on eth0 it responds 
with your external IP list.

i.e.  The DNS request comes in from 66.33.222.23, so the DNS response for 
mail.yourdomain.com is 99.22.11.22.  If it comes from 192.168.0.x, then 
it responds 192.168.0.1.

2) This assumes that your firewall/NAT gateway allows routing to occur 
in on the internal interface and back out the internal interface.  Most of 
the little boxes don't.  What this means is that if you make a request 
from the internal interface for your external IP, which is 
port forwarded to an internal address, it'll route it back to the 
internal interface.

i.e.  192.168.0.5 makes an SMTP request to your mail server's external IP -> 
  99.22.11.22:25 -> which goes to your NAT box -> the NAT box allows 
forwarding like I described -> the request gets NATted to the SMTP box -> 
the request goes back out the internal interface.

Your current DNS setup should work then.

Since it doesn't, you'll need to look at option 1 instead.  Read up 
on DNS views.  Or replace your gateway router with a serious firewall box.  :) 
  joke joke..


ian


Mike Staver wrote:

> Hello - I think I have a complicated question here, so here goes.  I have 
> a local DSL based network I'm trying to set up.  The local ip range is 
> 192.168.0.1 - 192.168.0.255.  I'm running the following services on one 
> box:
> 
> DNS Server
> Web Server
> Mail Server
> 
> I'm trying my best to figure out how to create a proper zone file that 
> makes all this work - my problem is the external IP; let's say 1.1.1.1 is 
> my external IP - I'm trying to figure out how to get all the local machines 
> and all external machines to understand that I'm running a mail server, 
> and that all email going to whatever at newdomain.org should go to that 
> server.  I currently have port forwarding working flawlessly on my DSL 
> router, pointing all the right ports to 192.168.0.25 (my server).  I'm 
> going to register a domain name and have it pointed at my network, so I'm 
> assuming I tell Net Solutions to look to my new DNS server at 1.1.1.1.  
> Somehow, I need my zone to work with the local IP range and external IP 
> happily.... here is what I have so far, and I don't think it's correct:
> 
> ----------------------------------------------------------
> $ORIGIN .                ; directive needs the leading "$"
> $TTL 3600                ; 1 hour
> ; SOA must be on one line up to the "(" -- a wrapped MNAME/RNAME does not parse
> newdomain.org          IN SOA  elway.oaks.newdomain.org. administrator.oaks.newdomain.org. (
>                                 12         ; serial
>                                 900        ; refresh (15 minutes)
>                                 600        ; retry (10 minutes)
>                                 86400      ; expire (1 day)
>                                 3600       ; minimum (1 hour)
>                                 )
>                         NS      dns.newdomain.org.
>                         NS      elway.oaks.newdomain.org.   ; resolves to a private address, unreachable from outside
> ; MX belongs at the zone apex so it covers user@newdomain.org, and its
> ; target must be a hostname, never an IP address
>                         MX      5 mail.newdomain.org.
> $ORIGIN newdomain.org.
> dns                     A       1.1.1.1
> dsl                     A       1.1.1.1
> mail                    A       1.1.1.1
> elway.oaks              A       192.168.0.25
> www                     A       1.1.1.1
> ----------------------------------------------------------
> 
> Does anyone have an example of this kind of setup... has anyone been able 
> to successfully pull this off before?
> 
> 

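Option 1 from the reply above, written out for BIND 9 as an added example (this is not configuration from the original post or from either poster). The addresses are the ones in the thread (1.1.1.1 outside, 192.168.0.25 for the server); the ACL name, file paths, the `dns`/`mail`/`www` hostnames and the zone contents are assumptions. One named.conf carries two views of the same zone; the zone file each view loads is shown after it.

```conf
// --- /etc/named.conf (added example; paths and ACL name are assumptions) ---

// Who counts as "inside": the LAN range from the thread plus the box itself.
acl "lan" { 192.168.0.0/24; 127.0.0.1; };

options {
    directory "/var/named";
    listen-on { any; };
    recursion no;          // global default; the internal view overrides it
};

// Queries whose source address matches "lan" get the private answers.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                 // LAN hosts may use this box as their resolver
    allow-recursion { "lan"; };
    zone "newdomain.org" {
        type master;
        file "internal/newdomain.org.zone";
    };
};

// Everything else (the Internet) gets the public answers, and no recursion,
// so the box is not an open resolver.
view "external" {
    match-clients { any; };
    recursion no;
    zone "newdomain.org" {
        type master;
        file "external/newdomain.org.zone";
    };
};

; --- /var/named/internal/newdomain.org.zone (assumed contents) ---
$ORIGIN newdomain.org.
$TTL 3600
@       IN SOA  dns.newdomain.org. administrator.newdomain.org. (
                13 900 600 86400 3600 )
        NS      dns.newdomain.org.
        MX      5 mail.newdomain.org.
dns     A       192.168.0.25
mail    A       192.168.0.25
www     A       192.168.0.25

; --- /var/named/external/newdomain.org.zone (assumed contents) ---
$ORIGIN newdomain.org.
$TTL 3600
@       IN SOA  dns.newdomain.org. administrator.newdomain.org. (
                13 900 600 86400 3600 )
        NS      dns.newdomain.org.
        MX      5 mail.newdomain.org.
dns     A       1.1.1.1
mail    A       1.1.1.1
www     A       1.1.1.1
```

Two things to check after loading it: the external zone must only list nameservers that resolve to public addresses (an NS pointing at 192.168.0.x is useless to the outside world and will be flagged by the registrar's checks), and a query from each side should return the matching address, e.g. `dig @192.168.0.25 mail.newdomain.org A` from a LAN host versus the same query from a host outside the DSL line. The two zone files are independent, so bump the serial in whichever one you edit.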

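Option 2 from the reply above (hairpin NAT, the thing most small DSL routers will not do) as an added example for a Linux gateway, in iptables-restore format. This is not configuration from the original post; the interface names (eth0 on the DSL side with 1.1.1.1, eth1 on the LAN side with 192.168.0.1) and the choice of SMTP as the forwarded port are assumptions, the server address 192.168.0.25 is from the thread.

```conf
# Added example: hairpin NAT on a Linux gateway, iptables-restore format.
# Assumed: eth0 = DSL/public side (1.1.1.1), eth1 = LAN side (192.168.0.1),
# mail server at 192.168.0.25. Load with: iptables-restore < this-file
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Ordinary port forward: connections from outside to 1.1.1.1:25 go to the mail box.
-A PREROUTING -i eth0 -p tcp -d 1.1.1.1 --dport 25 -j DNAT --to-destination 192.168.0.25:25
# The same rewrite for connections that arrive on the LAN interface; this is
# the "in the internal interface and back out the internal interface" case.
-A PREROUTING -i eth1 -p tcp -d 1.1.1.1 --dport 25 -j DNAT --to-destination 192.168.0.25:25
# Without this, 192.168.0.25 would answer the LAN client directly, the client
# would see a reply from 192.168.0.25 instead of 1.1.1.1 and drop it. SNAT to
# the gateway's LAN address forces the reply back through the NAT box.
-A POSTROUTING -o eth1 -s 192.168.0.0/24 -d 192.168.0.25 -p tcp --dport 25 -j SNAT --to-source 192.168.0.1
# Normal masquerading for LAN hosts going out to the Internet.
-A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow the forwarded SMTP flow from both sides; note eth1 -> eth1 for the hairpin.
-A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.0.25 --dport 25 -j ACCEPT
-A FORWARD -i eth1 -o eth1 -p tcp -d 192.168.0.25 --dport 25 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
```

Two caveats a practitioner will hit: forwarding must be on (`net.ipv4.ip_forward=1`) and the gateway should not send ICMP redirects on the LAN side (`net.ipv4.conf.eth1.send_redirects=0`), otherwise it will tell the client to reach 192.168.0.25 directly and bypass the NAT. Also, because of the SNAT, the mail server's logs show every LAN client as 192.168.0.1 rather than its real address, which is one reason the split-DNS answer in option 1 is usually the better fix.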

