
local domains


Oliver Vecernik

May 10, 2005, 1:54:56 PM
Hi,

www.mydomain.com and mail.mydomain.com are maintained from my ISP. My
private network is behind a router with NAT and I set up BIND 9.2.5
(FC3) with intra.net as domain name. Everything works as expected.

My question is if it's possible to name my private lan also with my
official domain (e.g. mydomain.com)? Internal users should look up my
DNS and external ones use the DNS from my ISP. But this doesn't work for
www and mail from inside at the moment. Here is my configuration:

# cat /etc/named.conf
options {
    directory "/var/named";
    forwarders {
        195.3.95.68;
        213.33.98.136;
    };
    query-source port 53;
};

zone "." {
    type hint;
    file "named.ca";
};

zone "mydomain.com" {
    type master;
    file "mydomain.com.zone";
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "0.168.192.in-addr.arpa";
};

# cat /var/named/mydomain.com.zone
$TTL 86400
@           IN SOA      p500.mydomain.com. root.mydomain.com. (
                        2005031812  ; serial
                        300         ; refresh after 5 minutes
                        60          ; retry after 1 minute
                        1209600     ; expire after 2 weeks
                        43200 )     ; minimum TTL of a half day

            IN NS       p500.mydomain.com.

            IN MX 5     p500.mydomain.com.

            IN A        192.168.0.3

wgt624      IN A        192.168.0.1
p500        IN A        192.168.0.3
oj          IN A        192.168.0.5
lanmodem    IN A        192.168.254.1
www         IN A        81.223.238.230  ; does not work!

mail        IN CNAME    p500
pop         IN CNAME    p500
imap        IN CNAME    p500
router      IN CNAME    wgt624

# cat /var/named/0.168.192.in-addr.arpa
$TTL 86400
@           IN SOA      p500.mydomain.com. root.mydomain.com. (
                        2005031808  ; serial number
                        300         ; refresh
                        60          ; retry
                        1209600     ; expire
                        43200       ; minimum TTL for negative answers
                        )
            IN NS       p500.mydomain.com.

1           IN PTR      wgt624.mydomain.com.
3           IN PTR      p500.mydomain.com.
5           IN PTR      oj.mydomain.com.

Is this possible?

Oliver.


David Botham

May 10, 2005, 2:23:51 PM
bind-use...@isc.org wrote on 05/10/2005 01:54:56 PM:
> Hi,
>
> www.mydomain.com and mail.mydomain.com are maintained from my ISP. My
> private network is behind a router with NAT and I set up BIND 9.2.5
> (FC3) with intra.net as domain name. Everthing works as expected.

Do you actually own the domain name "intra.net"? If not, and you want to
go to "www.intra.net", you could be in trouble.


>
> My question is if it's possible to name my private lan also with my
> official domain (e.g. mydomain.com)? Internal users should look up my
> DNS and external ones use the DNS from my ISP. But this doesn't work for

Yes. This setup is called a split DNS.


Your internal zone file for your domain contains the *best* information.
That is, for an internal server you have an internal IP. However, for
your www and mail you have an external IP.

You will have to show me the output of your tests that show this does not
work. It should work.


>
> mail IN CNAME p500
> pop IN CNAME p500
> imap IN CNAME p500
> router IN CNAME wgt624
>
> # cat /var/named/0.168.192.in-addr.arpa
> $TTL 86400
> @ IN SOA p500.mydomain.com. root.mydomain.com. (
> 2005031808 ; serial number
> 300 ; refresh
> 60 ; retry
> 1209600 ; expire
> 43200 ; minimum TTL for negative answers
> )
> IN NS p500.mydomain.com.
>
> 1 IN PTR wgt624.mydomain.com.
> 3 IN PTR p500.mydomain.com.
> 5 IN PTR oj.mydomain.com.
>
> Is this possible?

Yup.


hth,


dave...


>
> Oliver.
>
>

Oliver Vecernik

May 10, 2005, 2:51:59 PM
David Botham wrote:

> Do you actually own the domain name "intra.net". If not, and you want to
> go to "www.intra.net", you could be in trouble.

That's why I'm asking.

> Yes. This setup is called a split DNS.

Good.

> Your internal zone file for your domain contains the *best* information.
> That is, for an internal server you have an internal IP. However, for
> your www and mail you have an external IP.

>> www IN A 81.223.238.230 ; does not work!


>
> You will have to show me the output of your tests that show this does not
> work. It should work.

Trying to ping www.vecernik.at works, but surfing does not work
(timeout). If I change from a direct connection to using my ISP's proxy
(with Firefox 1.0.3 on XPPro) it works! Why is direct surfing not
possible anymore?

What kind of output do you mean? I activated querylog, but I can't see
the answers from my DNS in /var/log/messages.


Oliver.


Sten Carlsen

May 10, 2005, 5:06:50 PM
Yes, I do that.

Internal and external views have very different sets of hosts and names.
E.g. mail..... is visible from inside and outside, with different IPs.
This means that my laptop will read mail without ANY changes in setup
whether it is on my own LAN or anywhere else in the world.

Contrary to what I believed, you can have exactly the same names and
structure, or very different ones, in the internal vs. external zone.

Use views, create one internal and one external view.

Good luck, for me it worked first time.


Oliver Vecernik wrote:

>Hi,
>
>www.mydomain.com and mail.mydomain.com are maintained from my ISP. My
>private network is behind a router with NAT and I set up BIND 9.2.5
>(FC3) with intra.net as domain name. Everthing works as expected.
>

>My question is if it's possible to name my private lan also with my
>official domain (e.g. mydomain.com)? Internal users should look up my
>DNS and external ones use the DNS from my ISP. But this doesn't work for

>www IN A 81.223.238.230 ; does not work!
>

>mail IN CNAME p500
>pop IN CNAME p500
>imap IN CNAME p500
>router IN CNAME wgt624
>
># cat /var/named/0.168.192.in-addr.arpa
>$TTL 86400
>@ IN SOA p500.mydomain.com. root.mydomain.com. (
> 2005031808 ; serial number
> 300 ; refresh
> 60 ; retry
> 1209600 ; expire
> 43200 ; minimum TTL for negative answers
>)
> IN NS p500.mydomain.com.
>
> 1 IN PTR wgt624.mydomain.com.
> 3 IN PTR p500.mydomain.com.
> 5 IN PTR oj.mydomain.com.
>
>Is this possible?
>

>Oliver.
>
>
>
>

--
Best regards

Sten Carlsen

Let HIM who has an empty INBOX send the first mail.
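Sten's suggestion laid out as a named.conf, as an added example rather than configuration from this thread: one internal and one external view, with recursion limited to LAN clients and without the fixed query source port from the original. Assumed here: the LAN is 192.168.0.0/24 plus the 192.168.254.0/24 segment the lanmodem record implies, and the zone files live under internal/ and external/ below /var/named.

```conf
// Added example, not configuration from this thread: split-horizon
// named.conf with one internal and one external view, as Sten suggests.
// Assumed: LAN is 192.168.0.0/24 plus the 192.168.254.0/24 segment the
// lanmodem record implies; zone files live under internal/ and external/.
acl lan { 127.0.0.1; 192.168.0.0/24; 192.168.254.0/24; };

options {
    directory "/var/named";
    forwarders { 195.3.95.68; 213.33.98.136; };
    // Deliberately no "query-source port 53": pinning the source port
    // makes spoofed answers easier to match to outstanding queries.
};

// Once views are used, every zone (including the hint zone) must sit
// inside a view. Internal clients see private addresses, and www keeps
// the ISP-hosted public address because that is where the host really is.
view "internal" {
    match-clients { lan; };
    recursion yes;
    allow-recursion { lan; };

    zone "." { type hint; file "named.ca"; };

    zone "mydomain.com" {
        type master;
        file "internal/mydomain.com.zone"; // www -> 81.223.238.230, mail -> p500
    };

    zone "0.168.192.in-addr.arpa" {
        type master;
        file "internal/0.168.192.in-addr.arpa";
    };
};

// Everyone else: authoritative answers only, no recursion, no private
// names or RFC 1918 addresses. If the ISP stays authoritative for the
// public zone, this view only has to refuse recursion.
view "external" {
    match-clients { any; };
    recursion no;
    allow-recursion { none; };

    zone "mydomain.com" {
        type master;
        file "external/mydomain.com.zone"; // public addresses only
    };
};
```

The check David asks for is `dig @192.168.0.3 www.mydomain.com A` run once from the LAN and once from outside: the two answers should come from different views, and a query for a foreign name from outside should not be answered recursively.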


David Botham

May 11, 2005, 9:42:19 AM
bind-use...@isc.org wrote on 05/10/2005 02:51:59 PM:
> David Botham wrote:
> > Do you actually own the domain name "intra.net"? If not, and you want to
> > go to "www.intra.net", you could be in trouble.
>
> That's why I'm asking.

OK, then, to be clear, do not use a domain that could possibly collide
with someone else's name space.

>
> > Yes. This setup is called a split DNS.
>
> Good.
>
> > Your internal zone file for your domain contains the *best* information.
> > That is, for an internal server you have an internal IP. However, for

> > your www and mail you have an external IP.
>

> >> www IN A 81.223.238.230 ; does not work!
> >

> > You will have to show me the output of your tests that show this does not
> > work. It should work.
>
> Trying to ping www.vecernik.at works, but surfing does not work

If you can ping by domain name then I would assume that DNS resolution is
working (unless you have hosts file entries I / we don't know about).


> (timeout). If I change from direct connection using my ISP's proxy (with
> Firefox 1.0.3 on XPPro) it works! Why is direct surfing not possible
> anymore?

I don't think I have enough information about your network to determine
why your web browser cannot communicate with your web site. However, you
mentioned that you are using a Proxy. I would look closely at your proxy
configuration, firewall, or other access devices that could be causing the
problem. It does not look like DNS is the problem.

>
> What kind of output do you mean? I activated querylog, but I can't see
> the answers from my DNS in /var/log/messages.


Typically when someone indicates that name resolution is not working they
have tested with nslookup or (preferably) dig. I was wondering if you
could send me the output of a dig or nslookup test that failed for the
domain name in question.


hth,


Dave...


>
>
> Oliver.
>
>
