Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by p.. » Sun, 02 Jan 2000 04:00:00



On Thursday, Mr. Smith responded to the following (not my question):

Quote:
> I connect to the internet through my dialup to my ISP, and I don't have a
> registered domain name.  I am just wondering if it's possible at all
> to set up a DNS server (on the machine that connects to the internet, of
> course).  I have already set it up as my DHCP server, and am
> struggling with IP masquerading right now.

> Thanks very much for any pointers.  BTW, I am using COL 2.3.

with:

Sure. There are at least two configurations you might want to consider:

1) A caching-only nameserver. In this configuration, your nameserver
   doesn't have its own entries, it just caches entries for use on your
   local network, to reduce network use in DNS lookups.
2) A private domain nameserver. In this setup, you make up a domain name,
   such as foo.bar. (Note that your fictitious domain should use a
   nonexistent top-level domain, like bar in my example, not a real
   top-level domain like com, edu, or whatnot.) You can then serve the
   names of machines on your private network, in addition to caching
   external names, as a caching-only nameserver does.

I have set up the caching-only nameserver as discussed in (1).  My issue
is with (2).  I've tried several ways to set up a fake domain but have not
had success.  The how-to advises against fake domains and so does not
outline how to do it.  How is the caching-only nameserver set up so that
it still performs its intended function yet also resolves a fake domain
for an intranet web page that is accessible only on the local LAN?
What is the syntax for essentially hardcoding a fake domain into a setup
that caches external names?

Any assistance that you can provide is appreciated.  Thank you.

 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by p.. » Sun, 02 Jan 2000 04:00:00


<snip>

Quote:

> I don't know what you mean by the HOWTO recommending against fake domain
> names; I just searched through it and couldn't find any such
> recommendation, although I might have missed it (I searched for the word
> "domain" and skimmed the sentence or so surrounding each occurrence). In
> fact, the HOWTO uses a fake domain as an example in section 4.2 (the
> domain linux.bogus), although it's not clear from my skimming if it's
> intended as an example that must be replaced by a registered domain or
> not.
> <snip>

I stand corrected.  It should have read "The how-to uses fake domain names and
did not seem to explicitly outline how to do a domain internal to an office."
I mixed up previous readings and the how-to.  My error.

 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Rod Smi » Mon, 03 Jan 2000 04:00:00




Quote:> On Thursday, Mr. Smith responded to the following (not my question):

> with:

> Sure. There are at least two configurations you might want to consider:

> 1) A caching-only nameserver. In this configuration, your nameserver
>    doesn't have its own entries, it just caches entries for use on your
>    local network, to reduce network use in DNS lookups.
> 2) A private domain nameserver. In this setup, you make up a domain name,
>    such as foo.bar. (Note that your fictitious domain should use a
>    nonexistent top-level domain, like bar in my example, not a real
>    top-level domain like com, edu, or whatnot.) You can then serve the
>    names of machines on your private network, in addition to caching
>    external names, as a caching-only nameserver does.

> I have set up the caching-only nameserver as discussed in (1).  My issue
> is with (2).  I've tried several ways to set up fake domain but have not
> had success.  The how-to advises against fake domains and so does not
> outline how to do it.  How is the caching-only nameserver set up so that
> it still performs its intended function yet also resolves a fake domain
> for an intranet web page that is accessible only on the local LAN?
> What is the syntax for essentially hardcoding a fake domain into a setup
> that caches external names?

You set it up just like any other domain; check the documentation for DNS
(the HOWTO, the DNS & Bind book, etc.). It's important that you set it up
only to respond to internal network requests, though, not external
requests (although in principle you probably shouldn't be getting external
requests).

I don't know what you mean by the HOWTO recommending against fake domain
names; I just searched through it and couldn't find any such
recommendation, although I might have missed it (I searched for the word
"domain" and skimmed the sentence or so surrounding each occurrence). In
fact, the HOWTO uses a fake domain as an example in section 4.2 (the
domain linux.bogus), although it's not clear from my skimming if it's
intended as an example that must be replaced by a registered domain or
not.

--

http://members.bellatlantic.net/~smithrod
Author of books on Linux networking & WordPerfect for Linux

 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Rootma » Mon, 03 Jan 2000 04:00:00


I solved the problem by not using a DNS server but by using a Domain
Name Relay Daemon. The one I chose is DNRD (
http://members.home.com/garsh/dnrd/ ); it simply relays DNS requests
from your ISP's provided DNS server through to your masq clients.  I
especially like it because it forwards local DNS resolution from the
host's HOSTS file, thus eliminating the need for individual HOSTS files
on each client.  If your LAN is small this is by far the easiest way to
go.  To run dnrd for local resolution simply run it on the host machine
and make sure your HOSTS file is up to date on it.  To add outside DNS
support pass the DNS server IPs to it (if you use a dialup call it
again in the ip-up script) like so: dnrd -s XXX.XXX.XXX.XXX where XXX is
the DNS IP numbers.  Set all your clients to look at your host machine.
This is especially helpful when you have multiple dialups and don't
want to update each client's DNS entries.  It also caches DNS requests
and thus speeds up DNS resolution.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Sent via Deja.com http://www.deja.com/
Before you buy.
 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Nastar » Mon, 03 Jan 2000 04:00:00


Another option would be to get a dhs.org domain to play with.  It's fun and
educational.


 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Rod Smi » Mon, 03 Jan 2000 04:00:00




Quote:

>> > I connect to internet thru my dialup to my ISP, and I don't have a
>> > registered domain name.  I am just wondering if it's possible at all
>> > to set up a DNS server (on the machine that connects to internet, of
>> > course).  I have already set it up as my DHCP server, and am
>> > struggling with IP masquerading right now.

> another option would be to get a dhs.org domain to play with.  its fun and
> educational

Getting a domain name (either your own or a subdomain of any of several
services like the one you mention for dynamic IP addresses) is an entirely
different issue than setting up a DNS server. You set up a DNS server
either to tell others what your machines are or to serve machines on your
local network. You get a domain name in order to provide some way for
others to address your computers, for e-mail, web serving, etc. You can
obtain a domain name without setting up a DNS server (by letting somebody
else handle that aspect of it), or you can set up a DNS server without
having your own domain name (a caching-only nameserver for a small private
IP masqueraded network, say). Mid-size and larger organizations usually do
both.

--

http://members.bellatlantic.net/~smithrod
Author of books on Linux networking & WordPerfect for Linux

 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Yan Seine » Tue, 04 Jan 2000 04:00:00


It's a pain to set up but it does work.

I found the SAG (Linux Systems Administrator's Guide) and NAG (Network
Administrator's Guide) to be invaluable ( i have hardcopies, as
development on both seems to have been abandoned).  One in particular (I
forget which) gives a step by step cookbook for setting up DNS.  URLs
anyone?

You have to set up a complete DNS database, including reverse lookups.
It's not hard, just a hard read.

With bind 8, you can limit the interfaces it listens to very easily.

As someone else pointed out, use a bogus top level domain, then set
yourself up as the top level domain server.  I use .LAN and .WAN (I think
something like this should be in the RFC so that all the other DNS
servers could ignore spurious requests, much like the 192.168. IP
block...)

I should have my DNS config on my website in a few days or a week.

--Yan
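Rod Smith's and Yan Seiner's replies above list the pieces (a zone for a made-up domain next to the caching setup, reverse lookups, listening only on the inside interface) without showing the files. The script below renders them. It is an added example, not code from anyone in this thread or from the DNS HOWTO. It assumes a 192.168.1.0/24 LAN with named on the masquerading box at 192.168.1.1, a zone called home.lan, a constructed host list, and a made-up ISP resolver at 10.0.0.53. The forwarders clause is only emitted when one is given, which is what lets an ip-up script drop it while the link is down.

```python
"""Render BIND 8/9 files for a caching nameserver that is also master for a
made-up private zone and answers only on the LAN.  Added example, not from the
thread.  Assumed: LAN 192.168.1.0/24, named on the masquerading box at
192.168.1.1, zone "home.lan"; host names, addresses and the ISP resolver
10.0.0.53 are constructed."""
import ipaddress
import re
from datetime import date

# Never invent names under a real TLD: a typo or a later registration sends
# internal lookups to strangers.  home.arpa is reserved for this (RFC 8375).
PUBLIC_TLDS = {"com", "net", "org", "edu", "gov", "mil", "int"}
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def check_private_zone(zone):
    """Normalise the zone name; reject malformed names and real TLDs."""
    zone = zone.strip(".").lower()
    labels = zone.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(l) for l in labels):
        raise ValueError("malformed zone name: %r" % zone)
    if labels[-1] in PUBLIC_TLDS:
        raise ValueError("%s sits under a real TLD; use a reserved one" % zone)
    return zone

def soa_serial(iso_day, revision=1):
    """YYYYMMDDnn serial; bump nn for every edit made on the same day."""
    if not 1 <= revision <= 99:
        raise ValueError("revision must be 1..99")
    return int(date.fromisoformat(iso_day).strftime("%Y%m%d")) * 100 + revision

def reverse_zone_name(lan):
    """1.168.192.in-addr.arpa for 192.168.1.0/24 (this example does /24 only)."""
    net = ipaddress.ip_network(lan)
    if net.prefixlen != 24:
        raise ValueError("example handles /24 LANs only")
    return ".".join(reversed(str(net.network_address).split(".")[:3])) + ".in-addr.arpa"

def render_named_conf(lan, server_ip, zone, forwarders=()):
    """Queries and recursion only from the LAN and loopback, no zone transfers,
    and a forwarders clause only when one is given (leave it out when offline)."""
    net = ipaddress.ip_network(lan)
    if ipaddress.ip_address(server_ip) not in net:
        raise ValueError("nameserver address must be inside the LAN")
    zone = check_private_zone(zone)
    acl = "{ %s; 127.0.0.1; }" % net
    out = ["options {",
           '    directory "/var/named";',
           "    // listen on the inside interface only; nothing on ppp0",
           "    listen-on { 127.0.0.1; %s; };" % server_ip,
           "    allow-query     %s;" % acl,
           "    allow-recursion %s;" % acl,
           "    allow-transfer  { none; };"]
    if forwarders:
        out.append("    forwarders { %s; };" % "; ".join(forwarders))
    out += ["};",
            'zone "." { type hint; file "root.hints"; };',
            'zone "0.0.127.in-addr.arpa" { type master; file "127.0.0.zone"; };',
            'zone "%s" { type master; file "%s.zone"; };' % (zone, zone),
            'zone "%s" { type master; file "%s.rev"; };' % (reverse_zone_name(lan), zone)]
    return "\n".join(out) + "\n"

def _soa(zone, serial):
    return ["$TTL 86400",
            "@       IN  SOA  ns.%s. hostmaster.%s. (" % (zone, zone),
            "        %d ; serial" % serial,
            "        3600 900 604800 86400 ) ; refresh retry expire negative-TTL",
            "        IN  NS   ns.%s." % zone]

def render_forward_zone(zone, hosts, serial):
    """hosts is {shortname: ip}; 'ns' must be present, it carries the NS record."""
    zone = check_private_zone(zone)
    if "ns" not in hosts:
        raise ValueError("zone needs an 'ns' host for its NS record")
    lines = _soa(zone, serial)
    for name, ip in sorted(hosts.items()):
        if not LABEL_RE.match(name):
            raise ValueError("bad hostname %r" % name)
        ipaddress.ip_address(ip)  # raises on garbage
        lines.append("%-8sIN  A    %s" % (name, ip))
    return "\n".join(lines) + "\n"

def render_reverse_zone(zone, lan, hosts, serial):
    """PTR records so reverse lookups work too, as the reply above insists."""
    zone = check_private_zone(zone)
    net = ipaddress.ip_network(lan)
    lines = _soa(zone, serial)
    for name, ip in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        if ipaddress.ip_address(ip) not in net:
            raise ValueError("%s is outside %s" % (ip, lan))
        lines.append("%-8sIN  PTR  %s.%s." % (ip.split(".")[3], name, zone))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    HOSTS = {"ns": "192.168.1.1", "www": "192.168.1.10"}   # constructed
    serial = soa_serial("2000-01-03")
    print(render_named_conf("192.168.1.0/24", "192.168.1.1", "home.lan", ["10.0.0.53"]))
    print(render_forward_zone("home.lan", HOSTS, serial))
    print(render_reverse_zone("home.lan", "192.168.1.0/24", HOSTS, serial))
```

The parts worth keeping even outside this toy: allow-query and allow-recursion limited to the LAN stop the box being an open resolver if it is ever reachable on ppp0; allow-transfer { none; } keeps the private host list private; and a zone under a nonexistent or reserved name (home.arpa per RFC 8375) rather than a real TLD, as Rod Smith says, means a typo or a future registration cannot route internal lookups to a stranger.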

 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Patrick McNamar » Tue, 04 Jan 2000 04:00:00


I have done exactly what you are trying to do.  Originally the dialup
machine was NT4.0 and had MS DNS running on it; I have since moved the DNS
over to Linux.  This is one case where the ideas work the same way on NT or
Linux, though the setup is a bit different.  There is one catch to this
setup: the machine connected to the net can't use the internal DNS server;
I'll explain why in a minute.  Now for what I had to do.

The machine that will be serving as your DNS and dialup machine (I'll call
it Hal for lack of a better name) needs to have two IPs.  I did this by
binding two IPs to the same NIC.  The only thing run on the second IP is your
local DNS.  Set up your local DNS and get it working; don't worry about
outside resolution yet.  Once this works, edit the root nameserver list (I
just went braindead and can't remember the filename).  The only entry you
want in this file is either your ISP's nameserver or the other IP of Hal,
depending on how your routes/masquerading is set up.  Point all other
machines' DNS at the second IP for Hal.

In this setup, the local server answers all domain lookup requests.  If it
can't find it in the local domain (or its cache) it forwards it on to what
it thinks is the root DNS server; it doesn't care that it's not.  I made the
comment that the machine connecting to the net can't use the local DNS
server.  The reason being that if it does use the internal server and can't
resolve a name the request gets sent back to the local server and you end up
in an infinite loop of lookups.


re-post.

Patrick McNamara



 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Greg Leblan » Wed, 05 Jan 2000 04:00:00




Quote:> It's a pain to set up but it does work.

> I found the SAG (Linux Systems Administrator's Guide) and NAG (Network
> Administrator's Guide) to be invaluable ( i have hardcopies, as
> development on both seems to have been abandoned).  One in particular
(I
> forget which) gives a step by step cookbook for setting up DNS.  URLs
> anyone?

Both of these documents are available on http://www.veryComputer.com/ in
the GUIDEs section.  They are somewhat out of date, but we haven't found
any volunteers to maintain them.
        Greg
--
It's pronounced "*" not "scuzzy"!


 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Scott Walke » Wed, 05 Jan 2000 04:00:00


Hmmm. I'm trying to do this, also. You say you need two IPs; if the
serving machine is using ppp to make the outside connection, then it
does have two (the internal network 198..., for example, and whatever
the ISP assigns to it on connection). Is that the same thing (2 IPs)?
Seems that the only way to get it to work is to use the ISP's DNS on the
server, and the server's 198 (internal) address as DNS on the rest of
the internal network; like you said.
Sorry if I seem to be parroting here; I'm trying to chew on this. My
initial attempts to get this working seemed to work fine except that it
killed dial-on-demand except from the server itself. Never figured that
out....

> I have done exactly what you are trying to do.  Originally the dialup
> machine was NT4.0 and has MS DNS running on it, I have since moved the dns
> over to linux.  This is one case where the ideas work the same way on NT or
> Linux, though the setup is a bit different.  There is one catch to this
> setup:  The machine connected to the net can't use the internal DNS server;
> I'll explain why in a minute.  Now for what I had to do.

> The machine that will be serving as your DNS and dialup machine (I'll call
> it Hal for lack of a better name) needs to have two IPs.  I did this by
> binding to IPs to the same NIC.  The only thing run on the second IP is your
> local DNS.  Set up your local DNS and get it working, don't worry about
> outside resolution yet.  Once this works, edit the root namserver list (I
> just went braindead and can't remember the filename).  The only entry you
> want in this file is either your ISPs namserver or the other IP of Hal,
> depending on how your routes/masquerading is set up.  Point all other
> machines DNS at the second IP for Hal.

> In this setup, the local server answers all domain lookup requests.  If it
> can't find it in the local domain (or its cache) it forwards it on to what
> it thinks is root DNS server, it doesn't care that its not.  I made the
> comment that the machine connecting to the net can't use the local DNS
> server.  The reason being that if it does use the internal server and can't
> resolve a name the request gets sent back to the local server and you end up
> in an infinite loop of lookups.


> re-post.

> Patrick McNamara



 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Patrick McNamar » Wed, 05 Jan 2000 04:00:00


Don't worry, it took me about six months and a lot of reading to figure it
out.  To answer your question about two IPs: I had to assign the machine two
local IPs, beyond the dialup link.  Here's the reason.  Let's assume you have a
machine with two IPs: 192.168.0.1 and 192.168.0.2.  This machine also has a dialup
PPP connection.  This machine is acting as a firewall when connected to your ISP.
There are two ways for traffic to get through it.  One is masquerading, the other is
a proxy server.  Assume that your proxy or masquerade is running on 192.168.0.1.
In this case any DNS requests sent to that IP will be forwarded on to your ISP's DNS
servers.  To run a local DNS, you can run a DNS server on 192.168.0.2 with a
single root server of 192.168.0.1.

If the two IPs on a single network card is a little hard to grasp, you can use the
exact same setup using two separate machines, one doing PPP/Proxy/Masquerade and
the other running as a DNS server.  This is the setup I am now using.

Patrick McNamara


> Hmmm. I'm trying to do this, also. You say you need two IP's; if the
> serving machine is using ppp to make the outside connection, then it
> does have two (the internal network 198..., for example, and whatever
> the ISP assigns to it on connection). Is that the same thing (2 IP's)?
> Seems that the only way to get it to work is to use the ISP's DNS on the
> server, and the server's 198 (internal) address as DNS on the rest of
> the internal network; like you said.
> Sorry if I seem to be parrotting here; I'm trying to chew on this. My
> initial attempts to get this working seemed to work fine except that it
> killed dial-on-demand except from the server itself. Never figured that
> out....



 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Dale Ponti » Fri, 07 Jan 2000 04:00:00




Quote:> I have done exactly what you are trying to do.  Originally the dialup
> machine was NT4.0 and has MS DNS running on it, I have since moved the dns
> over to linux.  This is one case where the ideas work the same way on NT or
> Linux, though the setup is a bit different.  There is one catch to this
> setup:  The machine connected to the net can't use the internal DNS server;
> I'll explain why in a minute.  Now for what I had to do.

> The machine that will be serving as your DNS and dialup machine (I'll call
> it Hal for lack of a better name) needs to have two IPs.  I did this by

Pardon me please, but this sounds horribly complex, much moreso than
what I've been happily running at home since early September, 99. But
maybe I'm not doing what you need to do.

I have two boxen, one running exclusively Linux, the other multi-boot.
The exclusively Linux box runs as a firewall/masq server, and I have
some inside-only services running on it, as well. No services are
offered outside. (Well, one of these days I'm going to open up AUTH
long enough to get a HackerWhacker scan.)

One of the inside services is DNS. I've set it up to be authoritative
for my whole two-machine network, even MX records on a fictitious
domain name. It also points to the root zone, in the normal way. But
in the BIND configuration file I also have the "forwarders" directive
pointing to my ISP's nameservers.

I connect to multiple ISP's so in ip-up I twiddle named.conf based on
who I've connected to, and tickle BIND to make it notice. When I'm
disconnected, there is no "forwarders".

It's really very simple, and I suspect that without the multiple ISP
requirement, I could probably leave named.conf alone, even when off-
line.

I learned all of this from Linux Gazette articles late summer/early
fall. The implementation was rather staged with the articles, MX
records being last.

Does this do what you need?

Dale Pontius
NOT speaking for IBM
(Now I'm starting to play with mod_roaming so that I can keep my
 bookmarks, etc, no matter which OS is booted on the desktop. Maybe
 someday this will outgrow its crossover cable into a real network.)

 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Patrick McNamar » Fri, 07 Jan 2000 04:00:00


I originally tried to set it up that way, but I don't remember why it wouldn't
work for me.  And yes, if it works, that is a much simpler way to do things.
Maybe I'll fiddle with it this weekend again.  Though, if it works, why fix it...

Patrick McNamara





 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Dave Thompso » Mon, 17 Jan 2000 04:00:00


I have a caching-only nameserver running on my Linux box with a small
home LAN of Win98 machines, dialup connection with my ISP, IP masq etc.
etc., and it only took about 1/2 hour to set up after looking at the
following documentation:

http://linux.iaeste.or.at/LDP/HOWTO/DNS-HOWTO-3.html

 
 
 

Combination: Caching DNS & Serving Fake Domain Name w/in LAN

Post by Leslie Mikese » Mon, 17 Jan 2000 04:00:00




Quote:>I have done exactly what you are trying to do.  Originally the dialup
>machine was NT4.0 and has MS DNS running on it, I have since moved the dns
>over to linux.  This is one case where the ideas work the same way on NT or
>Linux, though the setup is a bit different.  There is one catch to this
>setup:  The machine connected to the net can't use the internal DNS server;
>I'll explain why in a minute.  Now for what I had to do.

>The machine that will be serving as your DNS and dialup machine (I'll call
>it Hal for lack of a better name) needs to have two IPs.  I did this by
>binding to IPs to the same NIC.  The only thing run on the second IP is your
>local DNS.  Set up your local DNS and get it working, don't worry about
>outside resolution yet.  Once this works, edit the root namserver list (I
>just went braindead and can't remember the filename).  The only entry you
>want in this file is either your ISPs namserver or the other IP of Hal,
>depending on how your routes/masquerading is set up.  Point all other
>machines DNS at the second IP for Hal.

>In this setup, the local server answers all domain lookup requests.  If it
>can't find it in the local domain (or its cache) it forwards it on to what
>it thinks is root DNS server, it doesn't care that its not.  I made the
>comment that the machine connecting to the net can't use the local DNS
>server.  The reason being that if it does use the internal server and can't
>resolve a name the request gets sent back to the local server and you end up
>in an infinite loop of lookups.

Why all the contortions?  If you set up a normal nameserver configured
as primary for your fake or real internal domain with the usual
cache of root nameservers it should work in all cases.  The only
difference with a fake domain is that no outside machines will
ever query it, and your internal machines *must* use it because
other servers won't be able to forward the queries.  You might
(or might not) want to configure your server to use the ISP as
a forwarder.  It doesn't really matter, since you can reach
the root servers as well as he can.

  Les Mikesell
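Patrick McNamara's two-address layout and Les Mikesell's single-server answer above disagree about where a missed lookup goes. The model below, an added example and not code from anyone in the thread, traces one query through each layout so that the forwarding loop Patrick describes (the gateway's own resolver pointing back at the internal server) and the reason Les's configuration avoids it can be seen. The addresses, the zone home.lan, the ISP resolver 10.0.0.53 and the single public name are all constructed; real BIND caches, retries and times out, which this ignores.

```python
"""Toy model of where a DNS query goes in the layouts argued over in this
thread.  Added example, not from the thread.  Addresses, names and the ISP's
resolver are constructed."""

ISP = "10.0.0.53"                                 # the ISP's resolver (assumed)
PUBLIC = {"www.example.com": "203.0.113.80"}      # stand-in for the public DNS


class Server:
    """A nameserver: zones it is authoritative for, an optional forwarder, and
    whether it holds root hints (i.e. can iterate on its own)."""
    def __init__(self, ip, zones=None, forwarder=None, root_hints=False):
        self.ip, self.zones = ip, zones or {}
        self.forwarder, self.root_hints = forwarder, root_hints


def resolve(name, first_ns, servers, public=PUBLIC):
    """Follow one query from the client's first nameserver.  Returns
    (answer or None, path); path lists the servers consulted and ends with
    AUTH, NXDOMAIN, SERVFAIL, UNREACHABLE or LOOP."""
    name = name.rstrip(".").lower()
    path, seen, ip = [], set(), first_ns
    while True:
        if ip in seen:                          # already asked: a loop
            return None, path + ["LOOP"]
        if ip not in servers:                   # e.g. the ISP while the link is down
            return None, path + [ip, "UNREACHABLE"]
        seen.add(ip)
        path.append(ip)
        srv = servers[ip]
        owner = next((z for z in srv.zones if name == z or name.endswith("." + z)), None)
        if owner is not None:                   # authoritative: answer or NXDOMAIN, never forwarded
            answer = srv.zones[owner].get(name)
            return answer, path + ["AUTH" if answer else "NXDOMAIN"]
        if srv.forwarder is not None:           # cache miss: hand it to the forwarder
            ip = srv.forwarder
            continue
        if srv.root_hints:                      # cache miss: iterate from the roots
            answer = public.get(name)
            return answer, path + ["ROOT", "AUTH" if answer else "NXDOMAIN"]
        return None, path + ["SERVFAIL"]


def les_setup(forward_to_isp=True):
    """One server on the gateway: master for home.lan, root hints, and the
    ISP as an optional forwarder (Les Mikesell's layout)."""
    zone = {"home.lan": {"ns.home.lan": "192.168.1.1", "www.home.lan": "192.168.1.10"}}
    gw = Server("192.168.1.1", zones=zone, root_hints=True,
                forwarder=ISP if forward_to_isp else None)
    return {ISP: Server(ISP, root_hints=True), gw.ip: gw}


def patrick_setup(gateway_resolver):
    """Hal with two addresses: .1 is the masquerade/proxy leg, which relays DNS
    using Hal's own resolver setting (gateway_resolver); .2 runs the local DNS
    whose only 'root server' is .1 (Patrick McNamara's layout)."""
    zone = {"home.lan": {"www.home.lan": "192.168.0.10"}}
    return {ISP: Server(ISP, root_hints=True),
            "192.168.0.1": Server("192.168.0.1", forwarder=gateway_resolver),
            "192.168.0.2": Server("192.168.0.2", zones=zone, forwarder="192.168.0.1")}


if __name__ == "__main__":
    s = les_setup()
    for q in ("www.home.lan", "nosuch.home.lan", "www.example.com"):
        print(q, "->", resolve(q, "192.168.1.1", s))
    print("Hal resolves via ISP:   ", resolve("www.example.com", "192.168.0.2", patrick_setup(ISP)))
    print("Hal resolves via itself:", resolve("www.example.com", "192.168.0.2", patrick_setup("192.168.0.2")))
    print("client bypassing the LAN server:", resolve("www.home.lan", ISP, s))
```

Running it also shows the leak Les's "*must* use it" hints at: a host that bypasses the internal server (here, one that asks the ISP directly, as Patrick's gateway has to) sends the private name www.home.lan to the public DNS, where it gets NXDOMAIN and a log line at the ISP. That is the practical reason every internal machine, the gateway included, should point at the LAN server, and why the zone should carry a name nobody outside can answer for.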

 
 
 
