Re: [MLUG] DNS question

[Nimrod Levy <EMAIL:PROTECTED>]

This is a pretty classic problem that I've faced before.  One solution
is to run seperate DNS servers.  One for external, one internal.
An added wrinkle is when you have laptops that migrate from internal to
external.  That can be circumvented with DHCP internaly.  Then there's
the issue of what happens when you establish a VPN, is the laptop
internal or external?  Makes your head want to explode.  

The most elegant solution by far that I've come up with is using Bind
9's views feature.  It lets you serve a different zone file for the same
zone based on the souce of the request.  You still have multiple zone
files, but they're in one place now.

I'm interested in any other solutions myself.

Nimrod

On Mon, Feb 11, 2002 at 01:37:19PM -0600, yoda wrote:
> Hullo. I was wondering about how the search line in /etc/resolv.conf
> works. I was under the impression it searched what was in there first,
> before trying just the exact name.
> 
> For example:
> if resolv.conf reads:
> search foo.bar
> nameserver 127.0.0.1
> 
> and I tried:
> ping www.kernel.org
> 
> I was under the impression it'd try
> www.kernel.org.foo.bar
> and then
> www.kernel.org
> 
> I wanted to change this behaviour because our (masq'ing) firewall forwards
> port 80 to an internal machine, and it seems not to work when an internal
> machine attempts to connect to the external ip of the firewall.
> 
> I added an alias for tinydns, but when I ping, it still comes back from
> the external ip of the firewall.
> 
> If anyone knows why or (even better) knows a better way of fixing the
> port forwarding+masq'ing problem, I'd appreciate the help.
> 
> --
> To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> 
> Archives are available at http://mlug.missouri.edu/list-archives/
--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/