DNS & Private LAN Addresses

Post by Mark Olber » Sun, 03 Oct 1999 04:00:00



A question about private LAN addresses (e.g., 192.168.1.x) and DNS
under Linux.

My DNS authority file for my domain lists both external addresses
(i.e., the static ethernet address assigned by my service provider),
and the private LAN addresses for my private network. I do this
because (a) I need to act as primary for my domain and (b) I use the
same DNS server as the nameserver for my private network.

Is there a problem in doing this? By including those private addresses
in my zone file, am I "exporting" them to the internet at large?

If I either shouldn't be including the private addresses in the zone
file, or if I didn't want to, where could I put them? I guess I could
put them in the etc/hosts file, although that seems a little kludgy.
Would it be possible to run two nameservers on the same Linux box, one
for the private LAN and one as primary for my domain?

Thanx in advance for any help!

- Mark

 
 
 


Post by Achim Gottinge » Tue, 05 Oct 1999 04:00:00



> A question about private LAN addresses (e.g., 192.168.1.x) and DNS
> under Linux.

> My DNS authority file for my domain lists both external addresses
> (i.e., the static ethernet address assigned by my service provider),
> and the private LAN addresses for my private network. I do this
> because (a) I need to act as primary for my domain and (b) I use the
> same DNS server as the nameserver for my private network.

> Is there a problem in doing this? By including those private addresses
> in my zone file, am I "exporting" them to the internet at large?

You should split your zone file into one for your private network and one
for your domain.
Add your zones to /etc/named.conf and put a notify no; line in your
private zone.
Do the same for your reverse zone.

> If I either shouldn't be including the private addresses in the zone
> file, or if I didn't want to, where could I put them? I guess I could
> put them in the etc/hosts file, although that seems a little kludgy.
> Would it be possible to run two nameservers on the same Linux box, one
> for the private LAN and one as primary for my domain?

> Thanx in advance for any help!

> - Mark


 
 
 


Post by Dustin Purye » Tue, 05 Oct 1999 04:00:00


On Mon, 04 Oct 1999 07:29:36 +0200, Achim Gottinger


>> Is there a problem in doing this? By including those private addresses
>> in my zone file, am I "exporting" them to the internet at large?

>You should split your zone file in one for your private network and one
>for your domain.
>Add your zones to /etc/named.conf and put a notify no; line in your
>private zone.
>Do the same for your reverse zone.

Wouldn't this be a good time for ACL's if he is using bind 8?
 
 
 


Post by Mark Olber » Tue, 05 Oct 1999 04:00:00




>Wouldn't this be a good time for ACL's if he is using bind 8?

It would be, if he knew what the heck an ACL was! :)

I seem to have solved my problem by running two different named
daemons, one listening to the external interface -- and exposing only
the external mappings -- and one listening to the internal interface,
exposing only the internal mappings.

- Mark

 
 
 


Post by Dustin Purye » Tue, 05 Oct 1999 04:00:00






>>Wouldn't this be a good time for ACL's if he is using bind 8?

>It would be, if he knew what the heck an ACL was! :)

>I seem to have solved my problem by running two different named
>daemons, one listening to the external interface -- and exposing only
>the external mappings -- and one listening to the internal interface,
>exposing only the internal mappings.

Works for me.
 
 
 


Post by Frederic Fau » Thu, 07 Oct 1999 04:00:00








>>>Wouldn't this be a good time for ACL's if he is using bind 8?
>>It would be, if he knew what the heck an ACL was! :)
>>I seem to have solved my problem by running two different named
>>daemons, one listening to the external interface -- and exposing only
>>the external mappings -- and one listening to the internal interface,
>>exposing only the internal mappings.

>Works for me.

So the standard way to solve the issue of how to resolve public and
private hosts when using a firewall + NAT is

- either use ACL to check where the query is coming from (No mention
of ACLs in "DNS and BIND"; so I assume ACLs in DNS are used to limit
who can query it?) so as to resolve private addresses only when the
query is coming from an authorized network

- or run two named, each on one of the interfaces of the firewall?

Any other way to solve this?

Thx for any tip,
FF.
--
The system required Windows 95 or better, so I installed Linux!
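
The two approaches discussed in this thread, sketched as BIND 8 style named.conf fragments. This is an added example, not configuration posted by any participant; example.com, lan.example.com, the file names and every address are constructed placeholders, and it assumes the private hosts have been moved into their own zones as suggested earlier in the thread.

```conf
// Added example, not from the thread. example.com, lan.example.com, the
// file names and all addresses are constructed placeholders.

// ---- Option 1: one named, private zones gated by an ACL ----
acl "internal" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/named";
    allow-transfer { none; };          // default deny; opened per zone below
};

// Public zone: only the provider-assigned addresses belong in this file.
zone "example.com" {
    type master;
    file "db.example.com";
    allow-transfer { 203.0.113.53; };  // the secondary, if there is one
};

// Private forward zone: answered only for LAN clients, never announced.
zone "lan.example.com" {
    type master;
    file "db.lan.example.com";
    notify no;
    allow-query { internal; };
    allow-transfer { none; };
};

// Private reverse zone gets the same treatment.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.1";
    notify no;
    allow-query { internal; };
    allow-transfer { none; };
};

// ---- Option 2: two named processes, one config file each ----
// external config: options { listen-on { 203.0.113.10; }; };  plus the public zone only
// internal config: options { listen-on { 192.168.1.1; 127.0.0.1; }; };  plus the private zones
```

allow-query controls who may query a zone and does not change the answers it holds, so with either option the public zone file must contain no 192.168.1.x records.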

 
 
 
