Re: Trying to use feature LOG_FGDN ON which performs a nslookup in access.log

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 23 Dec 1998 01:09:16 +0100

Philippe PAULEAU wrote:

> My problem is that i can't find a configuration where i can resolve
> the two networks at the same time.

> I've tried this:
> ########### named.boot ###################
> directory /var/named
> ; type domain source host/file backup file
> cache mydomain.com mydomain.cache
> cache . internet.cache
> primary 0.0.127.IN-ADDR.ARPA 127.0.0.zone
> primary localhost localhost.zone

This can't work. Cached data is only used if bind has no other means of
resolving the name.

There are at least three different BIND setups that solve your problem.
Which setup to select depends on your internet connectivity. If your
internal network is completely isolated from the internet with a private
DNS tree (including root) then you need 3 DNS servers for proper
operation (internal, external and both). If your internal DNS system is
allowed to know about external names then 2 DNS servers are needed.

##### Internal DNS tree ######

Internal DNS Servers should only be able to resolve internal names. Any
lookups of external names using an internal server should return "host
not found". Internal names should not be exposed to the Internet.

*** "External" caching bind on 192.168.1.1/internet connected ***
directory /var/named
cache . root.cache
primary 0.0.127.in-addr.arpa 127.0.0.zone
primary localhost localhost.zone

*** Internal DNS on 192.168.1.2 ***

*** Hybrid named.boot on 192.168.1.3 (internal) ***
directory /var/named
cache . root.cache
primary 0.0.127.in-addr.arpa 127.0.0.zone
primary localhost localhost.zone
secondary mydomain.com 192.168.1.2 mydomain.sec
secondary 168.192.in-addr.arpa 192.168.1.2 192.168.sec
forwarders 192.168.1.1
slave

*** resolv.conf ***
domain mydomain.com
nameserver 192.168.1.3

##### Hybrid setup #####

It is acceptable if internal DNS servers can resolve external names, but
internal names should not be exposed to the internet.

*** External caching named on 192.168.1.1/internet connected ***
directory /var/named
cache . root.cache
primary 0.0.127.in-addr.arpa 127.0.0.zone
primary localhost localhost.zone

*** Internal DNS on 192.168.1.2 ***
directory /var/named
cache . internal-root.cache
primary 0.0.127.in-addr.arpa 127.0.0.zone
primary localhost localhost.zone
primary mydomain.com mydomain.zone
primary 168.192.in-addr.arpa 192.168.zone
primary ...
forwarders 192.168.1.1
slave

*** resolv.conf ***
domain mydomain.com
nameserver 192.168.1.2

##### Dual homed setup ######

This is like the "Internal DNS tree" setup, but your internal names are
exposed to the internet for anyone who cares to look for them (and knows
where to look).

*** Hybrid named.boot on 192.168.1.1/internet connected ***
directory /var/named
cache . root.cache
primary 0.0.127.in-addr.arpa 127.0.0.zone
primary localhost localhost.zone
secondary mydomain.com 192.168.1.2 mydomain.sec
secondary 168.192.in-addr.arpa 192.168.1.2 192.168.sec

*** Internal DNS on 192.168.1.2 ***

*** resolv.conf ***
domain mydomain.com
nameserver 192.168.1.1

Received on Tue Dec 22 1998 - 17:21:37 MST
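
As an added check (not code from the original post, nor from BIND or Squid), the script below parses the named.boot directives used in the reply (directory, cache, primary, secondary, forwarders, slave) and reports the pitfalls the reply warns about: cache lines for anything but the root, a server listed in its own forwarders, "slave" without forwarders, one backup file reused by two zones, internal zones carried by an internet-facing host, and a missing loopback reverse zone. The sample boot files embedded in it are constructed for this example; the zone names and addresses copy the reply.

```python
"""Audit BIND 4 named.boot files for the split-DNS pitfalls discussed in the reply.

Added example, not code from the original post or from BIND/Squid. The
sample configurations at the bottom are constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

INTERNAL_ZONES: Set[str] = {"mydomain.com", "168.192.in-addr.arpa"}  # zones named in the reply


@dataclass
class Zone:
    kind: str                  # "cache", "primary" or "secondary"
    name: str                  # zone name, lower-cased; "." for root hints
    file: str                  # cache file, zone file or secondary backup file
    masters: List[str] = field(default_factory=list)  # secondary only


@dataclass
class NamedBoot:
    directory: str = ""
    zones: List[Zone] = field(default_factory=list)
    forwarders: List[str] = field(default_factory=list)
    slave: bool = False


def parse_named_boot(text: str) -> NamedBoot:
    """Parse the BIND 4 boot-file directives used in the reply; ';' starts a comment."""
    cfg = NamedBoot()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        key = key.lower()
        if key == "directory" and args:
            cfg.directory = args[0]
        elif key in ("cache", "primary") and len(args) >= 2:
            cfg.zones.append(Zone(key, args[0].lower(), args[1]))
        elif key == "secondary" and len(args) >= 3:
            # secondary <zone> <master> [<master> ...] <backup file>
            cfg.zones.append(Zone(key, args[0].lower(), args[-1], args[1:-1]))
        elif key == "forwarders":
            cfg.forwarders.extend(args)
        elif key == "slave":
            cfg.slave = True
    return cfg


def audit(cfg: NamedBoot, own_ip: str, internet_facing: bool) -> List[str]:
    """Return one finding per pitfall; an empty list means none of them applies."""
    findings: List[str] = []
    for z in cfg.zones:                       # cached data is a last resort, not a zone source
        if z.kind == "cache" and z.name != ".":
            findings.append(f"cache {z.name}: cached data is only used when the name cannot "
                            "be resolved otherwise; use primary or secondary")
    if own_ip in cfg.forwarders:              # forwarding loop
        findings.append(f"forwarders {own_ip}: server forwards queries to itself")
    if cfg.slave and not cfg.forwarders:      # forward-only with nobody to forward to
        findings.append("slave without forwarders: non-authoritative names cannot be resolved")
    seen: Dict[str, str] = {}                 # two zones writing the same file clobber each other
    for z in cfg.zones:
        if z.file in seen:
            findings.append(f"{z.file}: file used by both {seen[z.file]} and {z.name}")
        seen.setdefault(z.file, z.name)
    if internet_facing:                       # internal names exposed to the internet
        for z in cfg.zones:
            if z.kind in ("primary", "secondary") and z.name in INTERNAL_ZONES:
                findings.append(f"{z.name}: internal zone served on an internet-facing host")
    if not any(z.kind == "primary" and z.name == "0.0.127.in-addr.arpa" for z in cfg.zones):
        findings.append("no primary 0.0.127.in-addr.arpa: loopback reverse lookups are not answered locally")
    return findings


# Constructed sample: the boot file from the quoted question (cache line for mydomain.com)
QUESTION_BOOT = """directory /var/named
; type domain source host/file backup file
cache mydomain.com mydomain.cache
cache . internet.cache
primary 0.0.127.IN-ADDR.ARPA 127.0.0.zone
primary localhost localhost.zone
"""
# Constructed sample: internet-facing secondary carrying both internal zones into one backup file
EXPOSED_BOOT = """directory /var/named
cache . root.cache
primary 0.0.127.in-addr.arpa 127.0.0.zone
primary localhost localhost.zone
secondary mydomain.com 192.168.1.2 mydomain.sec
secondary 168.192.in-addr.arpa 192.168.1.2 mydomain.sec
"""
# Constructed sample: internal forward-only server that names its own address as forwarder
LOOP_BOOT = """directory /var/named
cache . internal-root.cache
primary 0.0.127.in-addr.arpa 127.0.0.zone
primary localhost localhost.zone
primary mydomain.com mydomain.zone
primary 168.192.in-addr.arpa 192.168.zone
forwarders 192.168.1.2
slave
"""


def run_samples() -> Dict[str, List[str]]:
    return {
        "question": audit(parse_named_boot(QUESTION_BOOT), "192.168.1.2", internet_facing=False),
        "exposed": audit(parse_named_boot(EXPOSED_BOOT), "192.168.1.1", internet_facing=True),
        "loop": audit(parse_named_boot(LOOP_BOOT), "192.168.1.2", internet_facing=False),
    }


if __name__ == "__main__":
    for label, findings in run_samples().items():
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

The "exposed" sample is the dual-homed layout from the reply with a deliberate duplicate backup file; it is reported as a file collision plus one exposure finding per internal zone, which is exactly the trade-off the reply describes for that setup.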
