LinuxQuestions.org
Old 05-14-2010, 04:29 AM   #1
eco
bind9 config problem serving internal and external addresses


Hi all,

I imagine that what I'm about to ask is the basis of DNS but I just can't get my head round it.

I have a LAN, a firewall/dns and dmz(kvm).

Code:
[laptop ]--+                                           +--[Server1]
[printer]--+--192.168.1.x---[FW/DNS]---192.168.122.x---+
[...    ]--+                    |                      +--[Server2]
                                |
                            [Internet]
The problem I am facing is that, from the internet, the DNS will forward requests to one of my servers to the range '192.168.122.x' as it should, but when I try to connect to a server from my laptop (192.168.1.x) the DNS gives me 192.168.122.x.

This is a problem as I need to have mod_proxy forward the URL to the proper server and not access it directly.

What am I doing wrong?

I have a very basic setup as follows:
Code:
# cat named.conf

include "/etc/bind/named.conf.options";

zone "." {
        type hint;
        file "/etc/bind/db.root";
};

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

zone "example.com" {
        type master;
        file "/etc/bind/zone.example.com";
};

zone "122.168.192.in-addr.arpa" {
        allow-query { 192.168.122.1; };
        type master;
        file "/etc/bind/db.192.168.122";
};

zone "1.168.192.in-addr.arpa" {
        allow-query { 192.168.1.1; };
        type master;
        file "/etc/bind/db.192.168.1";
};

include "/etc/bind/named.conf.local";
I tried using allow-query { x.x.x.x; } to restrict access to 122.x requests from a 1.x range, but that doesn't seem to do the job.

Code:
# cat db.192.168.1

; Reverse zone for 192.168.1.0/24 (1.168.192.in-addr.arpa)
$TTL    604800
@       IN      SOA     example.com. root.example.com. (
                     2010051402         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Every zone needs at least one NS record at its apex (@), otherwise
; BIND refuses to load it.
@               IN      NS      ns1.example.com.

; Address-to-name mappings in a reverse zone are PTR records; NS and
; CNAME records here do not answer reverse lookups. The trailing dots
; stop BIND from appending the zone name to the target.
1               IN      PTR     ns1.example.com.
200             IN      PTR     hp6110.example.com.
Code:
# cat db.192.168.122 

; Reverse zone for the DMZ, 192.168.122.0/24 (122.168.192.in-addr.arpa)
$TTL    604800
@       IN      SOA     example.com. root.example.com. (
                     2010051301         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Apex NS record (required). Note the trailing dots: without them BIND
; appends the zone name, giving e.g. ns2.example.com.122.168.192.in-addr.arpa.
@       IN      NS      ns2.example.com.

1       IN      PTR     ns2.example.com.
2       IN      PTR     deb02.example.com.
3       IN      PTR     deb03.example.com.
11      IN      PTR     deb01.example.com.
Code:
# cat zone.example.com 

$TTL    604800
; The SOA MNAME is the primary name server's hostname and must exist in
; the zone; ns1 is defined below.
@       IN      SOA     ns1.example.com. root.example.com. (
                      2010051301        ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; A blank owner field repeats the previous owner, i.e. the zone apex (@).
                IN      NS      ns1.example.com.
                IN      NS      ns2.example.com.

; mail.example.com. has no A record in this zone yet; add one before
; relying on this MX.
                IN      MX 20   mail.example.com.

ns1             IN      A       192.168.1.1
ns2             IN      A       192.168.122.1
deb01           IN      A       192.168.122.11
deb02           IN      A       192.168.122.2
deb03           IN      A       192.168.122.3
hp6110          IN      A       192.168.1.200

printer         IN      CNAME   hp6110
In short, how do I configure my DNS to handle/restrict 3 ranges (wan/lan/dmz)?

Any help or pointers to the right documentation are welcome!

Thanks.

Last edited by eco; 05-14-2010 at 04:31 AM. Reason: omission
 
Old 05-14-2010, 05:03 AM   #2
bathory
Hi,

It looks like you have to set up views, so you can answer queries in a different way depending on the host IP address.
 
1 members found this post helpful.
Old 05-14-2010, 06:34 AM   #3
eco
Thanks bathory, that did the job.

The following is to help anyone in the same situation I was in. Hope it helps.

Code:
include "/etc/bind/named.conf.options";

// Clients that should see the DMZ (192.168.122.x) addresses directly:
// the DMZ hosts themselves and the DNS box. 192.168.1.x is not listed,
// so LAN clients fall through to the external view below.
acl lan_hosts {
        127.0.0.0/8;
        192.168.122.0/24;
};


// Views are tried in the order written; the first view whose
// match-clients list matches the querying address answers, so the
// restrictive view must come before the catch-all one.
view "internal-view" {
        match-clients { lan_hosts; };

        // prime the server with knowledge of the root servers
        zone "." {
                type hint;
                file "/etc/bind/db.root";
        };

        zone "localhost" {
                type master;
                file "/etc/bind/db.local";
        };

        zone "127.in-addr.arpa" {
                type master;
                file "/etc/bind/db.127";
        };

        zone "0.in-addr.arpa" {
                type master;
                file "/etc/bind/db.0";
        };

        zone "255.in-addr.arpa" {
                type master;
                file "/etc/bind/db.255";
        };

        zone "122.168.192.in-addr.arpa" {
                type master;
                file "/etc/bind/db.192.168.122";
        };

        // separate copy of the forward zone for internal clients
        zone "example.com" {
                type master;
                file "/etc/bind/zone.example.com-internal";
        };

};

// Everyone else: the Internet and the 192.168.1.x LAN. Recursion is
// inherited from named.conf.options; an Internet-facing view should
// not recurse for arbitrary clients.
view "external-view" {
        match-clients { any; };

        zone "example.com" {
                type master;
                file "/etc/bind/zone.example.com";
        };

        zone "1.168.192.in-addr.arpa" {
                type master;
                file "/etc/bind/db.192.168.1";
        };
};
 
1 members found this post helpful.
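As an added illustration (not code from this thread or from BIND), a small Python model of how BIND picks a view for a querying client, using the acl and match-clients lists from the solved named.conf above: the first view whose list matches wins, so DMZ hosts and localhost land in internal-view while 192.168.1.x and Internet clients fall through to external-view. Only the ACL contents, view order and zone file paths are taken from the config; the sample client addresses and the '!' negation handling are assumptions.

```python
"""Model of BIND9 view selection for the split-horizon config in this thread.
Added example, not code from the post or from BIND: it reproduces only the
first-match rule for acl / match-clients lists and the view order above."""
import ipaddress

# Named ACLs exactly as the solved named.conf defines them.
ACLS = {
    "lan_hosts": ["127.0.0.0/8", "192.168.122.0/24"],
}

# Views in named.conf order: (name, match-clients list, example.com zone file).
VIEWS = [
    ("internal-view", ["lan_hosts"], "/etc/bind/zone.example.com-internal"),
    ("external-view", ["any"], "/etc/bind/zone.example.com"),
]


def element_matches(addr, client):
    """Does one address-match-list element (without any '!') match client?"""
    if addr == "any":
        return True
    if addr == "none":
        return False
    if addr in ACLS:                      # nested acl: evaluate it as a list
        return match_list(ACLS[addr], client)
    return client in ipaddress.ip_network(addr, strict=False)


def match_list(elements, client):
    """BIND address-match-list semantics: the first element whose address
    part matches decides; if that element is negated with '!', the whole
    list does not match. Nothing matching is also no match."""
    for element in elements:
        negated = element.startswith("!")
        if element_matches(element.lstrip("!").strip(), client):
            return not negated
    return False


def select_view(client_ip, views=VIEWS):
    """Return (view name, zone file) that answers example.com for client_ip,
    or None when no view matches (BIND then refuses the query)."""
    client = ipaddress.ip_address(client_ip)
    for name, match_clients, zonefile in views:
        if match_list(match_clients, client):
            return name, zonefile
    return None


if __name__ == "__main__":
    # Constructed sample clients: DMZ host, the DNS box, LAN laptop, Internet.
    for ip in ("192.168.122.11", "127.0.0.1", "192.168.1.50", "203.0.113.7"):
        print(ip, "->", select_view(ip))
```

Swapping the two views makes external-view's "any" swallow every client, which is why the order in named.conf matters.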