DNS Configuration

metallica1973 · 06-23-2006, 09:40 AM

Here is my network: My ISP is doing all of the DNS stuff.

Firewall (Linux)------DMZ----------Web Server
|
|
|
Proxy (linux)----- Wireless LAN(linux)
|
|
|
LAN(windows)

Do I need 2 dns servers for my network. One for the outside and one for the inside? How would I properly configure these DNS servers to work with my hybrid network (linux & Windows). Is there a easy how-to?

acid_kewpie · 06-23-2006, 09:51 AM

DNS doesn't give two hoots about what operating systems are being used. Can you provide more detail about what your DNS servers are intended to do? are you wanting to serve your own records for a domain you own and also forward to the internet for other requests? this is reasonably basic DNS stuff, nothi9gn a simple BIND configuartion would have any trouble with. more information would be a help though.

metallica1973 · 06-23-2006, 10:12 PM

I would like to set up my own DNS servers for my own web server.

acid_kewpie · 06-24-2006, 02:34 AM

well you'd simply look to follow the bind howto if it is bind that you wish to be using. one instance can happily server internal and external requests, no need fo rmultiple instances or anything,

metallica1973 · 06-24-2006, 09:15 AM

What about any security advice that I should know about? And what machine should I place my Bind on, please refer to my network from above. thanks

acid_kewpie · 06-25-2006, 01:08 PM

there's not a huge amount to say about security, as long as you don't enable options for rmeote updates and things like that, which are turned off by default i would assume.

as for where to put it.. really up to you. i would assume that your proxy and your firewall are probably performing some additional functions too... i'd probably say your proxy, but you've not said anything about what's running on it etc...

metallica1973 · 06-28-2006, 05:17 AM

On my proxy I am simply running Novell Suse 10,Squid and Dansguardian to filter websites. My firewall is only running a firewall script that I built and it is running on Suse 10 as well. So you think that is should go on my proxy? If I am going to be serving my own records for my own domain for my webserver what needs to be done to protect it from the internet and a cracker messing with stuff?

acid_kewpie · 06-28-2006, 05:24 AM

i'm not a bind security expert to be honest, but as long as options are left on the safe defaults, you should be fine. that proxy seems a reasonable place, yeah. I guess if you wanted to be hardcore, you'd want to have a secondary domain running on the webserver, which replicated from the proxy server. so you'd use the proxy one as fyou formal local master, and only expose a copy of the records to the internet. getting a bit OTT there though!

metallica1973 · 06-28-2006, 10:54 AM

Can you point me to a simple how to ? Also what is the difference between Bind and dhcpd or Named?

acid_kewpie · 06-28-2006, 01:58 PM

named (name daemon) *IS* BIND (Berkeley Internet Name Daemon) and is a DNS server

dhcpd is a DHCP server, so performs a totally seperate role.

as far as guides, to be honest the bind howto at tldp.org wouldbe the first port of call.

metallica1973 · 06-28-2006, 09:02 PM

one more question RHCE or NCLE or LPI level 2? Which one carries more weight. I see that you are RCHE certified.

acid_kewpie · 06-29-2006, 01:07 AM

RHCE by a country mile. suse isn't number one, redhat is. and LPI is just a chepa memory test.