I have a public IP, both forward and reverse dns. This is my business, not a home account.

Here's what I'm trying to do, maybe I should have explained a little better from the start.

I have one dns server, 192.168.1.98. It's with the rest of the machines in my main office, behind our firewall. It hosts nittanytravel.com, buchanantravel.com, and gulliverstravel.biz. Everything is set up fine in dns and working.

My boss was looking through the logs I have set up and saw that ntlh.nittanytravel.com (the hostname of the server) had roughly 4000 hits so far in October. I told him it was because all of the machines in our main office are going out the firewall, then right back in. They're using an external dns server. So, all of those hits are getting the ip of the router in the logs, being 141.151.228.247. I have that ip address set up in dns linked to all of my domains.

I then added int.nittanytravel.com and added an allow-query rule in named.conf to only allow the internal machines to our main office to get to this private dns. It's all in the same server, just different zones. Even after setting all of my machines behind the firewall to use the local dns server, they are still going outside, then back through the firewall, getting the 141 address and showing up as ntlh.nittanytravel.com in the logs, because that's what I have nittanytravel.com's address set to in dns.

I finally got all the machines to contact the server, placing their private ip in the logs instead of 141.. by modifying the hosts file on each machine. I didn't want to do this, but it works.

Problem 1: Is there a way for me to configure dns so that the machines will talk directly to the server instead of using the hosts file?

Problem 2: Locally on the server, I can only ping either private, or public, by modifying the search and domain lines in /etc/resolv.conf. Is there a way that I can see both without modifying this file?

I think that's it.
If anyone has any questions to help answer mine, I'll do my best to answer them.

Thanks,
Jake

-----Original Message-----
From: shrike-list-admin@xxxxxxxxxx [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of John Haxby
Sent: Thursday, October 09, 2003 5:50 PM
To: shrike-list@xxxxxxxxxx
Subject: Re: Modified Split DNS Question

Jake McHenry wrote:

>One other question. I only have one dns server as of right now, behind a
>firewall. If any machines that are behind the firewall with the server, they
>are going to that server for dns, which is pointing to a public IP.
>
>This is why I wanted to set the search and domain to search for the private
>stuff first.
>
>The only way I have been able to get around the public IP showing up in the
>logs for what should be the private machines is putting the ip and domain
>names in the hosts files on the client machines.
>
>Does anyone know of a way to get around using the hosts files on each
>individual machine?
>

I'm not entirely sure what you are trying to achieve. However, I have a similar set up. My ISP gives me a domain and a fixed IP address. For my internal nameserver, I just put the various machines at home in that domain, that all have 192.168.0.x IP addresses.

So, if the name that my ISP gives me is home.example.com, then the IP address associated with this connects to my firewall. I simply treat home.example.com as an SOA (start of authority) and assign names and IP addresses within that domain. My children's PC, for example, is called sprog.home.example.com and has a 192.168.0.x IP address. The firewall is home.example.com on the outside (with its public IP address) and fluffy.home.example.com on the inside with its 192.168.0.x IP address. My resolv.conf simply contains "search home.example.com".

These internal names aren't visible from the outside for two reasons: my ISP doesn't have NS records pointing to my nameserver and my nameserver isn't accessible through the firewall.
Really, it's the NS record associated with home.example.com that would glue my domain into the DNS as a whole, and that is the *only* difference between what I have and what the nameserver at work has.

If you're interested, I can send you a copy of my nameserver configuration files, but it's a straightforward set up. You can get everything you need from the Cricket book (DNS and Bind, Cricket Liu and Paul Albitz (I think), published by O'Reilly).

jch

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
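
Added example, not part of the thread and not either poster's configuration: one common way to give inside and outside clients different answers from a single BIND 9 server is a pair of `view` blocks in named.conf. The 192.168.1.0/24 office subnet and the zone file paths are assumptions; the zone name and addresses are the ones given in the message above.

```conf
// named.conf fragment (added example; subnet and file paths are assumed).
// Once any view is defined, every zone statement must live inside a view,
// so buchanantravel.com and gulliverstravel.biz need the same pair of entries.

acl "office" {
    192.168.1.0/24;   // assumed internal subnet containing 192.168.1.98
    localhost;        // built-in ACL: the server's own queries
};

// Views are tried in order; the first whose match-clients matches wins,
// so the restrictive view has to come before the catch-all one.
view "internal" {
    match-clients { "office"; };
    recursion yes;    // office machines may resolve outside names through this server

    zone "nittanytravel.com" {
        type master;
        // Internal copy of the zone: ntlh and friends carry 192.168.1.x addresses.
        file "internal/nittanytravel.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;     // outside clients get authoritative answers only

    zone "nittanytravel.com" {
        type master;
        // Public copy of the zone: names resolve to 141.151.228.247.
        file "external/nittanytravel.com.zone";
    };
};
```

The internal view is selected by the source address of the query, so it only applies to clients that actually send their queries to 192.168.1.98 rather than to an external resolver.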