> -----Original Message-----
> From: shrike-list-admin@xxxxxxxxxx
> [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of Jake McHenry
> Sent: Friday, October 10, 2003 12:11 AM
> To: shrike-list@xxxxxxxxxx
> Subject: RE: Modified Split DNS Question
>
> > -----Original Message-----
> > From: shrike-list-admin@xxxxxxxxxx
> > [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of Jake McHenry
> > Sent: Thursday, October 09, 2003 9:30 PM
> > To: shrike-list@xxxxxxxxxx
> > Subject: RE: Modified Split DNS Question
> >
> > I have a public IP, both forward and reverse dns. This is my
> > business, not a home account. Here's what I'm trying to do,
> > maybe I should have explained a little better from the start.
> >
> > I have one dns server, 192.168.1.98. It's with the rest of
> > the machines in my main office, behind our firewall. It hosts
> > nittanytravel.com, buchanantravel.com, and
> > gulliverstravel.biz. Everything is set up fine in dns and working.
> >
> > My boss was looking through the logs I have set up and saw
> > that ntlh.nittanytravel.com (the hostname of the server) had
> > roughly 4000 hits so far in October. I told him it was
> > because all of the machines in our main office are going out
> > the firewall, then right back in. They're using an external
> > dns server. So, all of those hits are getting the ip of the
> > router in the logs, being 141.151.228.247. I have that ip
> > address set up in dns linked to all of my domains.
> >
> > I then added int.nittanytravel.com and added an allow-query
> > rule in named.conf to only allow the internal machines to our
> > main office to get to this private dns. It's all in the same
> > server, just different zones.
> >
> > Even after setting all of my machines behind the firewall to
> > use the local dns server, they are still going outside, then
> > back through the firewall, getting the 141 address and
> > showing up as ntlh.nittanytravel.com in the logs, because
> > that's what I have nittanytravel.com's address set to in dns.
> >
> > I finally got all the machines to contact the server, placing
> > their private ip in the logs instead of 141.. by modifying
> > the hosts file on each machine. I didn't want to do this, but
> > it works.
> >
> > Problem 1: Is there a way for me to configure dns so that the
> > machines will talk directly to the server instead of using
> > the hosts file?
> >
> > Problem 2: Locally on the server, I can only ping either
> > private, or public, by modifying the search and domain lines
> > in /etc/resolv.conf. Is there a way that I can see both
> > without modifying this file?
> >
> > I think that's it. If anyone has any questions to help answer
> > mine, I'll do my best to answer them.
> >
> > Thanks,
> > Jake
> >
> > -----Original Message-----
> > From: shrike-list-admin@xxxxxxxxxx
> > [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of John Haxby
> > Sent: Thursday, October 09, 2003 5:50 PM
> > To: shrike-list@xxxxxxxxxx
> > Subject: Re: Modified Split DNS Question
> >
> > Jake McHenry wrote:
> >
> > >One other question. I only have one dns server as of right now,
> > >behind a firewall. If any machines that are behind the firewall
> > >with the server, they are going to that server for dns, which is
> > >pointing to a public IP.
> > >
> > >This is why I wanted to set the search and domain to search for the
> > >private stuff first.
> > >
> > >The only way I have been able to get around the public IP showing
> > >up in the logs for what should be the private machines is putting
> > >the ip and domain names in the hosts files on the client machines.
> > >
> > >Does anyone know of a way to get around using the hosts files on
> > >each individual machine?
> >
> > I'm not entirely sure what you are trying to achieve. However, I
> > have a similar set up. My ISP gives me a domain and a fixed IP
> > address. For my internal nameserver, I just put the various machines
> > at home in that domain, that all have 192.168.0.x IP addresses.
> >
> > So, if the name that my ISP gives me is home.example.com, then the
> > IP address associated with this connects to my firewall. I simply
> > treat home.example.com as an SOA (start of authority) and assign
> > names and IP addresses within that domain. My children's PC, for
> > example, is called sprog.home.example.com and has a 192.168.0.x IP
> > address. The firewall is home.example.com on the outside (with its
> > public IP address) and fluffy.home.example.com on the inside with
> > its 192.168.0.x IP address. My resolv.conf simply contains "search
> > home.example.com".
> >
> > These internal names aren't visible from the outside for two
> > reasons: my ISP doesn't have NS records pointing to my nameserver
> > and my nameserver isn't accessible through the firewall. Really,
> > it's the NS record associated with home.example.com that would glue
> > my domain into the DNS as a whole, and that is the *only* difference
> > between what I have and what the nameserver at work has.
> >
> > If you're interested, I can send you a copy of my nameserver
> > configuration files, but it's a straightforward set up. You can get
> > everything you need from the Cricket book (DNS and Bind, Cricket Liu
> > and Paul Albitz (I think), published by O'Reilly).
> >
> > jch
> >
> > --
> > Shrike-list mailing list
> > Shrike-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/shrike-list
>
> Sorry everyone, I have seen the light and following. For all those
> people out there that don't respond to top posts, please consider
> reading what I sent above... I don't want to resend it and face the
> jury again....
>
> Thanks,
>
> Jake McHenry
> Nittany Travel MIS Coordinator
> http://www.nittanytravel.com

I think I got everything working on the server, I can ping both sides
now. I had a typo. Sorry everyone.

My second question still stands though, is there a way for me to have
dns work for all the client machines without using the hosts file on
the windows boxes?

I have to have the public ip in my dns records, otherwise no one would
be able to get to it. And if I don't have the hosts files configured on
the client windows machines, they get the public address for the
domain. So unless I'm missing something, I either have to set up all
the client machines hosts files, or set up all the client machines to
go to the int.nittanytravel.com domain instead of the regular
nittanytravel.com domain.

I think I'll stick with the hosts files because that way I can have
them download the file when they log into the domain. I can't really
update their favorites, and shortcuts on desktops as easily.

So unless someone knows a way around all this, I guess this is how I'm
going to do things. :-/

Jake McHenry
Nittany Travel MIS Coordinator
http://www.nittanytravel.com
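
The one-server case discussed in this thread (same name, private answer inside, public answer outside) can be expressed with BIND 9 views, a technique not mentioned by any of the posters. The named.conf fragment below is an added example, not configuration from the thread; the 192.168.1.0/24 office subnet and the zone file names are assumptions, while 192.168.1.98 and 141.151.228.247 are the addresses given in the messages above.

```conf
// named.conf fragment: added example, not the posters' configuration.
// Assumed: office subnet 192.168.1.0/24; zone file names are hypothetical.

acl "office" {
    192.168.1.0/24;   // assumed internal subnet that contains 192.168.1.98
    localhost;        // the server itself also receives the internal answers
};

// Views are evaluated in order; the first view whose match-clients
// list matches the source address of the query answers it.
view "internal" {
    match-clients { "office"; };
    recursion yes;    // office clients may resolve outside names through this server

    zone "nittanytravel.com" {
        type master;
        // hypothetical file: A records point at 192.168.1.98
        file "internal/nittanytravel.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;     // authoritative answers only; not an open resolver

    zone "nittanytravel.com" {
        type master;
        // hypothetical file: A records point at 141.151.228.247
        file "external/nittanytravel.com.zone";
    };
};
```

Once any view is defined, BIND requires every zone statement to sit inside a view, so buchanantravel.com and gulliverstravel.biz would need an entry in each view as well. The internal answers only reach clients whose configured resolver is 192.168.1.98 and whose queries arrive from an address in the "office" ACL.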