Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

DNS w/non-routable IP's?

83 views
Skip to first unread message

~*~

unread,
Nov 19, 1998, 3:00:00 AM11/19/98
to
Hi folks, here is the deal.

DS3 from <ISP> going to our firewall - Checkpoint/1. Machines behind the
firewall are using non-routable IPs (192.168.*) - one of these machines will
be the master for the domain/zone <domain.com>. What we will do is list
ns1.<isp>.net & ns2.<isp>.net as secondaries for the zone, but primaries in
terms of nameservers for our internet domain. So, any queries will go to
them first - ie, not all queries will be going thru the firewall all the
time. I am good to go up to this point. I know how to allow them access etc
etc etc.

But.

Since we are using 192.168.* internally, and my master DNS server has only
1 IP address, and it obviously needs to have an external one - how do I
handle this? Do I give it one of the block of IPs that we have in
<external> DNS and have it listed as 192.168.x.x in <internal> DNS? Clearly
external folks have to get to it, for that it needs a regular address, but
behind the firewall it has a 192.168.* address - and I need to refer to it
via DNS both externally and internally. What the hell do I do? Give it an
external IP that the firewall will route to the internal IP?

How then would I configure DNS? Help!

Thanks,
-R


--
main(v,c)char**c;{for(v[c++]="rick tait <ri...@gnu.org>\n)";(!!c)[*c]&&
(v--||--c&& execlp(*c,*c,c[!!c]+!!c,!c));* *c=!c)write(!!*c,*c,!!**c);}


Barry Margolin

unread,
Nov 20, 1998, 3:00:00 AM11/20/98
to
In article <731ns7$kvn$1...@entertainment-tonight.ai.mit.edu>,

~*~ <ri...@charlie-brown.gnu.ai.mit.edu> wrote:
>Since we are using 192.168.* internally, and my master DNS server has only
>1 IP address, and it obviously needs to have an external one - how do I
>handle this? Do I give it one of the block of IPs that we have in
><external> DNS and have it listed as 192.168.x.x in <internal> DNS? Clearly
>external folks have to get to it, for that it needs a regular address, but
>behind the firewall it has a 192.168.* address - and I need to refer to it
>via DNS both externally and internally. What the hell do I do? Give it an
>external IP that the firewall will route to the internal IP?

The only external folks who have to get to it are your ISP's servers, since
they're the ones that will be the registered servers. When they configure
their slave servers, they'll enter the external IP address, so the name
doesn't matter.

So you can put your internal address in the DNS entry for the machine, so
your users can get to it.

--
Barry Margolin, bar...@bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Don't bother cc'ing followups to me.


0 new messages