From owner-freebsd-questions Mon Aug 6 23:45:58 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ares.blahz.ab.ca (h24-64-70-105.cg.shawcable.net [24.64.70.105]) by hub.freebsd.org (Postfix) with SMTP id BE13537B401 for ; Mon, 6 Aug 2001 23:45:54 -0700 (PDT) (envelope-from bsd-lists@blahz.ab.ca)
Received: (qmail 23078 invoked from network); 7 Aug 2001 06:45:58 -0000
Received: from unknown (HELO zeus) (24.64.68.214) by ares.blahz.ab.ca with SMTP; 7 Aug 2001 06:45:58 -0000
From: "Mike Roest"
To:
Subject: RE: natd redirect_port only works from the outside
Date: Tue, 7 Aug 2001 00:49:02 -0600
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <20010806233713.C449@blossom.cjclark.org>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

The problem with that is if you assign a pair of records like this:

    www    IN    A    63.105.29.28
    www    IN    A    192.168.0.10

there is a 50/50 chance (give or take) that an external host will do a DNS lookup and grab the internal 192.168.0.10 IP.

There are two ways around this:

1) Run an internal-only DNS server that all hosts behind the gateway use to look up local services.

2) Run two BIND processes on the gateway box, one bound to the external NIC's IP and one bound to the internal NIC's IP. This is accomplished through the listen-on directive in BIND 9, found on page 54 of the BIND 9 reference manual. Then, in your whois record, assign the external box as the primary DNS server for the zone.

In both situations you will have to assign all the internal boxes to use the internal-only DNS server as their main DNS, so most likely the internal DNS would need to be a caching server as well.

Hope this helps

--Mike

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Crist J. Clark
Sent: Tuesday, August 07, 2001 12:37 AM
To: Tabor Kelly
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd redirect_port only works from the outside

On Mon, Aug 06, 2001 at 06:14:13PM -0700, Tabor Kelly wrote:

[snip]

> > In split DNS, somehost.mydom.org will
> > map to 63.105.29.28 for the outside world and 192.168.0.10 (or
> > whatever) for your local net.
>
> I understand this, I was wondering if this can be done off of one bind
> service, or if I will need to run 2. I am sorry if this is a silly
> question, I have not set bind up yet.

Yes, you can do it with one named(8) process. You pretty much have to since only one can be listening on port 53 at a time.

--
Crist J. Clark cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
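The two-process setup Mike describes (option 2), written out as an added example; this is not configuration from the thread or from FreeBSD/BIND documentation. It assumes the zone is mydom.org (from the "somehost.mydom.org" example above), that the gateway's public address is 63.105.29.28 and its LAN address is 192.168.0.1, and the file paths shown. The important details are that each instance gets its own listen-on address, its own pid-file (two named processes cannot share the default one), and its own copy of the zone: the public copy carries only routable addresses, the private copy carries the LAN address, and only the LAN-facing instance recurses.

```conf
## /etc/namedb/named-external.conf  (assumed path)
## Authoritative-only named bound to the public NIC; started with
##   named -c /etc/namedb/named-external.conf
options {
    directory "/etc/namedb";
    pid-file  "/var/run/named-external.pid";   # distinct from the internal instance
    listen-on port 53 { 63.105.29.28; };       # public address only (assumed gateway IP)
    recursion no;                              # never act as a resolver for the Internet
    allow-query { any; };
};
zone "mydom.org" {
    type master;
    file "external/mydom.org";
};

## /etc/namedb/external/mydom.org  (public view of the zone)
$TTL 3600
@    IN SOA ns.mydom.org. hostmaster.mydom.org. ( 2001080701 3600 900 604800 3600 )
     IN NS  ns.mydom.org.
ns   IN A   63.105.29.28
www  IN A   63.105.29.28        ; natd redirect_port forwards this to the LAN host

## /etc/namedb/named-internal.conf  (assumed path)
## Caching + authoritative named bound to the LAN NIC; started with
##   named -c /etc/namedb/named-internal.conf
options {
    directory "/etc/namedb";
    pid-file  "/var/run/named-internal.pid";
    listen-on port 53 { 192.168.0.1; 127.0.0.1; };   # LAN address (assumed) and loopback
    recursion yes;                                   # LAN hosts point resolv.conf here
    allow-query     { 192.168.0.0/24; 127.0.0.1; };
    allow-recursion { 192.168.0.0/24; 127.0.0.1; };
};
zone "mydom.org" {
    type master;
    file "internal/mydom.org";
};

## /etc/namedb/internal/mydom.org  (LAN view of the zone)
$TTL 3600
@    IN SOA ns.mydom.org. hostmaster.mydom.org. ( 2001080701 3600 900 604800 3600 )
     IN NS  ns.mydom.org.
ns   IN A   192.168.0.1
www  IN A   192.168.0.10        ; LAN clients reach the host directly, bypassing natd
```

Because the public instance has `recursion no` and the private one only answers `192.168.0.0/24`, an outside query can only ever see the external zone file, which is what removes the 50/50 leak of 192.168.0.10. BIND 9 also offers the `view` statement with `match-clients`, which serves two copies of a zone from one named process selected by source address; that is the single-process route Crist mentions, and it needs only one listen-on and one pid-file.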
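A check a practitioner would want before publishing the external zone: scan it for A records that point into private address space, the exact mistake the thread starts from. This is an added example (not code from the thread or from BIND); the zone text is constructed here and uses the thread's www records plus a couple of made-up lines. The parser handles the common zone-file layout only (optional owner, optional numeric TTL, optional class, SOA continuation in parentheses, `;` comments), which is enough to lint the A records.

```python
import ipaddress

# Constructed sample zone: the "pair of records" from the thread plus a few
# lines a real zone file would carry. The "mail" record is made up.
SAMPLE_ZONE = """\
$TTL 3600
@       IN  SOA ns.mydom.org. hostmaster.mydom.org. (
                2001080701 ; serial
                3600 900 604800 3600 )
        IN  NS  ns.mydom.org.
ns      IN  A   63.105.29.28
www     IN  A   63.105.29.28
www     IN  A   192.168.0.10   ; leaks the LAN address to the Internet
mail    IN  A   10.0.0.5
"""


def _strip_comment(line):
    # Zone-file comments start with ';'. A records never carry quoted
    # strings, so a plain split is enough for this lint.
    return line.split(";", 1)[0].rstrip()


def parse_a_records(zone_text):
    """Yield (owner, ip) for each A record in a BIND-style zone file.

    Common layout only: optional owner name, optional numeric TTL, optional
    class, then type and rdata. $-directives and the body of a '(' ... ')'
    block (SOA continuation lines) are skipped.
    """
    owner = None
    in_parens = False
    for raw in zone_text.splitlines():
        line = _strip_comment(raw)
        if in_parens:
            if ")" in line:
                in_parens = False
            continue
        if not line.strip() or line.startswith("$"):
            continue
        if "(" in line and ")" not in line:
            in_parens = True          # rest of this record continues on later lines
        fields = line.split()
        if not raw[0].isspace():      # a non-blank first column names a new owner
            owner = fields.pop(0)
        if fields and fields[0].isdigit():               # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() in ("IN", "CH", "HS"):  # optional class
            fields.pop(0)
        if len(fields) >= 2 and fields[0].upper() == "A":
            yield owner, fields[1]


def private_a_records(zone_text):
    """Return [(owner, ip)] for A records whose address is not globally routable
    (RFC 1918, loopback, link-local); none of these belong in a public zone."""
    leaks = []
    for owner, ip in parse_a_records(zone_text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                   # malformed rdata: leave that to named-checkzone
        if addr.is_private:
            leaks.append((owner, ip))
    return leaks


def external_leak_probability(zone_text, owner):
    """Fraction of A records for *owner* that are private, i.e. the chance that
    round-robin hands an outside client an address it cannot reach."""
    ips = [ip for o, ip in parse_a_records(zone_text) if o == owner]
    if not ips:
        return 0.0
    private = sum(1 for ip in ips if ipaddress.ip_address(ip).is_private)
    return private / len(ips)


if __name__ == "__main__":
    for owner, ip in private_a_records(SAMPLE_ZONE):
        print(f"{owner}: {ip} is private, must not appear in the external zone")
    print("www leak probability:", external_leak_probability(SAMPLE_ZONE, "www"))
```

Run it over the zone file you feed the public-facing named; any hit means the internal address has ended up in the wrong copy of the zone. The probability function reproduces Mike's "50/50" arithmetic: with one public and one private A record for www, half the round-robin answers go wrong.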