Board index Linux Networking

Internal DNS Question

Internal DNS Question

Post by <tna.. » Thu, 18 Apr 2002 01:54:44



I have all my public dns at my ISP.  I want to configure a dns server to
resolve names for my internal hosts.  I want this internal server to
forward all Internet dns lookups to my ISPs dns server.  I know how to do
this

My question is with respect to the cache file on the internal dns server.
Since my internal dns server will only be doing lookups for my internal
hosts, I do not need the usual cache file that is comprised of Internet
Root Servers.  What should my cache file consist of?

Thanks in advance,

Tom Naves

 
 
 
Top

Internal DNS Question

Post by Karl Heye » Thu, 18 Apr 2002 04:45:00



> I have all my public dns at my ISP.  I want to configure a dns server to
> resolve names for my internal hosts.  I want this internal server to
> forward all Internet dns lookups to my ISPs dns server.  I know how to do
> this

> My question is with respect to the cache file on the internal dns server.
> Since my internal dns server will only be doing lookups for my internal
> hosts, I do not need the usual cache file that is comprised of Internet
> Root Servers.  What should my cache file consist of?

I don't think you need to "." zone if this situation or if you do then
the cache file can be blank.

karl.

 
 
 
Top

Internal DNS Question

Post by David K. Mean » Fri, 19 Apr 2002 06:20:03



> I have all my public dns at my ISP.  I want to configure a dns server to
> resolve names for my internal hosts.  I want this internal server to
> forward all Internet dns lookups to my ISPs dns server.  I know how to
> do this

> My question is with respect to the cache file on the internal dns
> server. Since my internal dns server will only be doing lookups for my
> internal hosts, I do not need the usual cache file that is comprised of
> Internet Root Servers.  What should my cache file consist of?

  Forwarding *all* the requests to your ISP except the ones for
internal hosts will only cause extra resolution delays, so unless you
have some special requirement that does not allow you to receive DNS
traffic, it is *much* better to keep the cache, send your off-net
queries directly to the root-servers, and cache the replies.  This way,
your local named will learn about the rest of the Internet, and be able
to make direct requests to domains that it has seen before.

  The usual problem with your kind of setup is that of allowing what
should be a local resolution to escape outside the Private Network.
To avoid this, you merely need to tell the local  named that it is
*authoritative* for the local domain (or subdomain), and make all
your local machines point to the local named as their nameserver.
You can do this even if the ISP is declared to be authoritative, because
the local nameserver will field all requests for your domain, and only
pass on requests for *other* domains.  Thus, the ISP becomes
authoritative for *outside* users, and your local named is the authority
for Private Network users.

HTH

 
 
 
Top

Internal DNS Question

Post by David Efflan » Fri, 19 Apr 2002 20:05:11



> I have all my public dns at my ISP.  I want to configure a dns server to
> resolve names for my internal hosts.  I want this internal server to
> forward all Internet dns lookups to my ISPs dns server.  I know how to do
> this

> My question is with respect to the cache file on the internal dns server.
> Since my internal dns server will only be doing lookups for my internal
> hosts, I do not need the usual cache file that is comprised of Internet
> Root Servers.  What should my cache file consist of?

The root server file is not a cache file, it is where named goes if it
cannot get an answer anywhere else (locally or any defined forwarders).

My ISP's nameservers (ameritech) are sometimes bogged down at busy times.  
So it is much quicker for me to cache all DNS locally than to have to make
repeated internet requests for the same name (like subsequent internet
pages on same host or every image on a page).

This does not mean that the cache will retain old expired data.  Any names
in the cache that have expired will be refetched when needed.

--
David Efflandt - All spam ignored  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/

 
 
 
Top

Internal DNS Question

Post by <tna.. » Sat, 20 Apr 2002 03:40:33


Thanks for the information.  I did not consider the fact that the internal
dns, if sending off-net lookups to the root servers, would cache the
lookups thus reducing lookup time and traffic across the T1.

Tom



> > I have all my public dns at my ISP.  I want to configure a dns server to
> > resolve names for my internal hosts.  I want this internal server to
> > forward all Internet dns lookups to my ISPs dns server.  I know how to
> > do this

> > My question is with respect to the cache file on the internal dns
> > server. Since my internal dns server will only be doing lookups for my
> > internal hosts, I do not need the usual cache file that is comprised of
> > Internet Root Servers.  What should my cache file consist of?

>   Forwarding *all* the requests to your ISP except the ones for
> internal hosts will only cause extra resolution delays, so unless you
> have some special requirement that does not allow you to receive DNS
> traffic, it is *much* better to keep the cache, send your off-net
> queries directly to the root-servers, and cache the replies.  This way,
> your local named will learn about the rest of the Internet, and be able
> to make direct requests to domains that it has seen before.

>   The usual problem with your kind of setup is that of allowing what
> should be a local resolution to escape outside the Private Network.
> To avoid this, you merely need to tell the local  named that it is
> *authoritative* for the local domain (or subdomain), and make all
> your local machines point to the local named as their nameserver.
> You can do this even if the ISP is declared to be authoritative, because
> the local nameserver will field all requests for your domain, and only
> pass on requests for *other* domains.  Thus, the ISP becomes
> authoritative for *outside* users, and your local named is the authority
> for Private Network users.

> HTH

 
 
 
Top

Internal DNS Question

Post by <tna.. » Sat, 20 Apr 2002 03:47:21



> The root server file is not a cache file, it is where named goes if it
> cannot get an answer anywhere else (locally or any defined forwarders).

Whoops! My Microsoft-Windows-NTness is showing.  They call it a cache file
and its name is cache.dns.

Thanks for the help.

Tom

 
 
 
Top

1. Internal DNS question.

I have a network of machines, some of which are exposed to the big bad
internet,
and an internal network of machines which masquearade through one of my
linux boxen to the outside.

Is it possible to set up a DNS server so that it will still honor requests
for valid routable internet ip addresses, and resolve internal non routable
internal network ip addresses (172.16.x.x or 192.168.1.x )?

I dont want external hosts being able to query our internal network
structure... yet I would like the magic of DNS on our private network.

2. support for #9 9FX 334 reality?

3. Basic DNS Question: Internal IP visibility from Internet

4. returning value from PL/SQL block

5. To Internal or Not To Internal - That is the Question

6. Xlib11 and X-Development

7. DHCP, DNS, WINS, dynamic DNS, other questions

8. Yamaha Sa-X sound board

9. How can I force my internal DNS server to refresh?

10. Squid don`t accept internal urls without dns suffix

11. Apache/DNS/Firewall - External/Internal problems

12. internal DNS in vpn

13. Internal DNS name direction...


All times are UTC
Board index