Date: Wed, 28 Jun 2006 20:19:53 +0300
From: Giorgos Keramidas
To: Drew Tomlinson
Cc: freebsd-questions@freebsd.org
Message-ID: <20060628171953.GA1527@gothmog.pc>
Subject: Re: Simple DNS For Private LAN

On 2006-06-28 10:10, Drew Tomlinson wrote:
> On 6/28/2006 7:43 AM Giorgos Keramidas wrote:
>>> So assuming I understand correctly, yes, please guide me in setting
>>> up a local master zone.
>>
>> Assuming that your local home network uses addresses in the
>> 192.168.0.0/16 range, you have to set up a local name server which
>> will recognize and reply for the following zones:
>>
>>     "drew."        # "*.drew" are local home network names
>>     192.168.0.*    # reverse IP address -> name for home hosts
>>     127.0.0.*      # localhost zone (optional)
>
> I use virtual servers with Apache.  To access those from the inside,
> I have to use the same URL as is used on the outside.  So from the
> Internet, I need drew.mykitchentable.net to resolve to my public IP
> but on the inside, I need it to resolve to 192.168.0.x.  Thus it seems
> to me that the .drew zone won't work for my setup.  Or am I missing
> something?

It will probably work, as long as the internal machines have an internal
nameserver as the first `nameserver' entry of their `resolv.conf' file.

If you are planning to use the same domain name for both the internal
and externally visible IP addresses, it's not a very good idea though.
Overloading a domain with inside addresses means that when you are
`inside' the local network, you can only see the internal IP addresses :(

> Can I set up my server to be authoritative for .mykitchentable.net
> instead of .drew but only be visible from the inside?

Yes.  But then you will only be able to see internal IP addresses when
you ask for `whatever.mykitchentable.net'.  The external webserver with
the same name will be "masked" by the internal name server.

> Obviously if it responded to queries from the Internet, I'd really
> have a mess.  What do you recommend?

I generally go for locally visible internal domain names, to avoid the "masking" problems mentioned above. As long as your internal DNS server blocks queries from everyone except the internal network (i.e. using the `allow-query' option in either the global "options { ... }" section or for the internal zone entry in `named.conf'), this should work.
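
Added example, not part of the original message: a `named.conf' fragment for the internal-only setup discussed above, showing `allow-query' in both places the message mentions (the global options section and the individual zone entries). The ACL name "homelan", the directory and the zone file names are assumptions; the zones and the address range are the ones named in the thread.

```conf
// Constructed example; "homelan", the directory and the file names are
// assumptions, not taken from the thread.
acl "homelan" {
    127.0.0.1;
    192.168.0.0/16;     // internal range named in the message
};

options {
    directory "/etc/namedb";        // assumed location of the zone files
    // Global form: queries from any address outside the ACL are refused.
    allow-query { "homelan"; };
};

// Forward zone for the locally visible names (*.drew).
zone "drew" {
    type master;
    file "master/drew.db";          // assumed file name
    // Per-zone form of the same restriction; it overrides the global
    // setting for this zone, so it is repeated here explicitly.
    allow-query { "homelan"; };
};

// Reverse zone for 192.168.0.* (address -> name for the home hosts).
zone "0.168.192.in-addr.arpa" {
    type master;
    file "master/0.168.192.rev";    // assumed file name
    allow-query { "homelan"; };
};
```

Running `named-checkconf' against the file catches syntax errors before the name server is reloaded.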