> -----Original Message-----
> From: shrike-list-admin@xxxxxxxxxx
> [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of Jake McHenry
> Sent: Thursday, October 09, 2003 9:30 PM
> To: shrike-list@xxxxxxxxxx
> Subject: RE: Modified Split DNS Question
>
> I have a public IP, both forward and reverse dns. This is my business,
> not a home account. Here's what I'm trying to do, maybe I should have
> explained a little better from the start.
>
> I have one dns server, 192.168.1.98. It's with the rest of the machines
> in my main office, behind our firewall. It hosts nittanytravel.com,
> buchanantravel.com, and gulliverstravel.biz. Everything is set up fine
> in dns and working.
>
> My boss was looking through the logs I have set up and saw that
> ntlh.nittanytravel.com (the hostname of the server) had roughly 4000
> hits so far in October. I told him it was because all of the machines
> in our main office are going out the firewall, then right back in.
> They're using an external dns server. So, all of those hits are getting
> the ip of the router in the logs, being 141.151.228.247. I have that ip
> address set up in dns linked to all of my domains.
>
> I then added int.nittanytravel.com and added an allow-query rule in
> named.conf to only allow the internal machines to our main office to
> get to this private dns. It's all in the same server, just different
> zones.
>
> Even after setting all of my machines behind the firewall to use the
> local dns server, they are still going outside, then back through the
> firewall, getting the 141 address and showing up as
> ntlh.nittanytravel.com in the logs, because that's what I have
> nittanytravel.com's address set to in dns.
>
> I finally got all the machines to contact the server, placing their
> private ip in the logs instead of 141.. by modifying the hosts file on
> each machine. I didn't want to do this, but it works.
>
> Problem 1: Is there a way for me to configure dns so that the machines
> will talk directly to the server instead of using the hosts file?
>
> Problem 2: Locally on the server, I can only ping either private, or
> public, by modifying the search and domain lines in /etc/resolv.conf.
> Is there a way that I can see both without modifying this file?
>
> I think that's it. If anyone has any questions to help answer mine,
> I'll do my best to answer them.
>
> Thanks,
> Jake
>
> -----Original Message-----
> From: shrike-list-admin@xxxxxxxxxx
> [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of John Haxby
> Sent: Thursday, October 09, 2003 5:50 PM
> To: shrike-list@xxxxxxxxxx
> Subject: Re: Modified Split DNS Question
>
> Jake McHenry wrote:
>
> > One other question. I only have one dns server as of right now,
> > behind a firewall. If any machines that are behind the firewall with
> > the server, they are going to that server for dns, which is pointing
> > to a public IP.
> >
> > This is why I wanted to set the search and domain to search for the
> > private stuff first.
> >
> > The only way I have been able to get around the public IP showing up
> > in the logs for what should be the private machines is putting the ip
> > and domain names in the hosts files on the client machines.
> >
> > Does anyone know of a way to get around using the hosts files on each
> > individual machine?
>
> I'm not entirely sure what you are trying to achieve. However, I have a
> similar set up. My ISP gives me a domain and a fixed IP address. For my
> internal nameserver, I just put the various machines at home in that
> domain, that all have 192.168.0.x IP addresses.
>
> So, if the name that my ISP gives me is home.example.com, then the IP
> address associated with this connects to my firewall. I simply treat
> home.example.com as an SOA (start of authority) and assign names and IP
> addresses within that domain.
> My children's PC, for example, is called sprog.home.example.com and has
> a 192.168.0.x IP address. The firewall is home.example.com on the
> outside (with its public IP address) and fluffy.home.example.com on the
> inside with its 192.168.0.x IP address. My resolv.conf simply contains
> "search home.example.com".
>
> These internal names aren't visible from the outside for two reasons:
> my ISP doesn't have NS records pointing to my nameserver and my
> nameserver isn't accessible through the firewall. Really, it's the NS
> record associated with home.example.com that would glue my domain into
> the DNS as a whole, and that is the *only* difference between what I
> have and what the nameserver at work has.
>
> If you're interested, I can send you a copy of my nameserver
> configuration files, but it's a straightforward set up. You can get
> everything you need from the Cricket book (DNS and BIND, Cricket Liu
> and Paul Albitz (I think), published by O'Reilly).
>
> jch
>
> --
> Shrike-list mailing list
> Shrike-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/shrike-list

Sorry everyone, I have seen the light and following. For all those
people out there that don't respond to top posts, please consider
reading what I sent above... I don't want to resend it and face the
jury again....

Thanks,
Jake McHenry
Nittany Travel MIS Coordinator
http://www.nittanytravel.com
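
Added illustration, not part of the original thread and not either poster's configuration: one common way to get the behaviour asked about in Problem 1 from a single BIND 9 server is to use views, so that office clients are answered from a zone file holding private addresses and everyone else from one holding the public address. The domain names and the 141.151.228.247 and 192.168.1.98 addresses come from the message above; the 192.168.1.0/24 range, the ACL name and the zone file paths are assumptions.

```conf
// named.conf fragment (added example; ACL name, LAN range and file
// paths are assumptions, not taken from the thread)

acl "office" {
    192.168.1.0/24;      // assumed LAN range around 192.168.1.98
    127.0.0.1;           // the server itself
};

options {
    directory "/var/named";
    allow-transfer { none; };   // no zone transfers unless explicitly needed
};

// Views are matched in order, so the narrower one must come first.
// Once any view is defined, every zone has to live inside a view.
view "internal" {
    match-clients { "office"; };
    recursion yes;              // office clients may resolve outside names

    zone "nittanytravel.com" IN {
        type master;
        // A records here point at private addresses such as 192.168.1.98
        file "internal/nittanytravel.com.zone";
    };

    // Private-only zone: never defined in the external view,
    // so outside clients cannot query it at all.
    zone "int.nittanytravel.com" IN {
        type master;
        file "internal/int.nittanytravel.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;               // authoritative answers only for outsiders

    zone "nittanytravel.com" IN {
        type master;
        // A records here point at the public address 141.151.228.247
        file "external/nittanytravel.com.zone";
    };
};
```

The other hosted domains would be declared the same way in both views, and `named-checkconf` will flag any zone left outside a view.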