Hi all,
I imagine that what I'm about to ask is the basis of DNS but I just can't get my head round it.
I have a LAN, a firewall/DNS host and a DMZ (KVM).
Code:
[laptop ]--+                                          +--[Server1]
[printer]--+--192.168.1.x---[FW/DNS]---192.168.122.x--+
[...    ]--+                    |                     +--[Server2]
                                |
                           [Internet]
The problem I am facing is that from the internet, the DNS will forward requests to one of my servers in the range '192.168.122.x' as it should, but when I try to connect to a server from my laptop (192.168.1.x) the DNS also gives me 192.168.122.x.
This is a problem as I need to have mod_proxy forward the URL to the proper server rather than access it directly.
What am I doing wrong?
I have a very basic setup as follows:
Code:
# cat named.conf
include "/etc/bind/named.conf.options";
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
zone "example.com" {
    type master;
    file "/etc/bind/zone.example.com";
};
zone "122.168.192.in-addr.arpa" {
    allow-query { 192.168.122.1; };
    type master;
    file "/etc/bind/db.192.168.122";
};
zone "1.168.192.in-addr.arpa" {
    allow-query { 192.168.1.1; };
    type master;
    file "/etc/bind/db.192.168.1";
};
include "/etc/bind/named.conf.local";
I tried using allow-query { x.x.x.x; } to restrict access to the 122.x records from the 1.x range, but that doesn't seem to do the job.
Code:
# cat db.192.168.1
$TTL 604800
@ IN SOA example.com. root.example.com. (
2010051402 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
1 IN NS ns1.example.com.
200 IN NS hp6110.example.com.
deb01 IN CNAME ns1
deb02 IN CNAME ns1
deb03 IN CNAME ns1
printer IN CNAME hp6110
Code:
# cat db.192.168.122
$TTL 604800
@ IN SOA example.com. root.example.com. (
2010051301 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
1 IN NS ns2.example.com.
2 IN PTR deb02.example.com.
3 IN PTR deb03.example.com.
11 IN PTR deb01.example.com.
Code:
# cat zone.example.com
$TTL 604800
@ IN SOA ns.example.com. root.example.com. (
2010051301 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
@ IN MX 20 mail.example.com.
ns1 IN A 192.168.1.1
ns2 IN A 192.168.122.1
deb01 IN A 192.168.122.11
deb02 IN A 192.168.122.2
deb03 IN A 192.168.122.3
hp6110 IN A 192.168.1.200
printer IN CNAME hp6110
In short, how do I configure my DNS to handle/restrict three ranges (WAN/LAN/DMZ)?
Any help, or a pointer to the right documentation, is welcome!
Thanks.
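The behaviour described above is what BIND calls split-horizon DNS, and it is done with view statements rather than allow-query: allow-query only decides whether a client is answered at all, while a view decides which copy of a zone a client is answered from. The named.conf below is an added example, not the poster's configuration. It assumes mod_proxy runs on the FW/DNS host at its LAN address 192.168.1.1 (ns1 in the zone file above), that the DMZ hosts keep their 192.168.122.x addresses, and that the public address, the two extra zone-file names and the ACL names are placeholders to be replaced.

```conf
// Added example of split-horizon DNS with BIND views (not the poster's config).
// Assumptions: proxy on the FW at 192.168.1.1; DMZ hosts at 192.168.122.x;
// the zone file names *.lan / *.wan and the public IP are placeholders.
acl "lan" { 192.168.1.0/24; };
acl "dmz" { 192.168.122.0/24; };

options {
    directory "/var/cache/bind";
    recursion no;            // global default; the internal views enable it
    allow-query { any; };
};

// Once any view exists, every zone (including the root hints) must live
// inside a view. Views are tried in order; the first match-clients hit wins.
view "dmz" {
    match-clients { dmz; localhost; };
    recursion yes;
    zone "." { type hint; file "/etc/bind/db.root"; };
    zone "example.com" {
        type master;
        file "/etc/bind/zone.example.com";        // deb01 IN A 192.168.122.11 ...
    };
    zone "122.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192.168.122";
    };
};

view "lan" {
    match-clients { lan; };
    recursion yes;
    zone "." { type hint; file "/etc/bind/db.root"; };
    zone "example.com" {
        type master;
        // Copy of zone.example.com in which deb01/deb02/deb03 carry
        // "IN A 192.168.1.1" so LAN clients reach them through mod_proxy.
        file "/etc/bind/zone.example.com.lan";
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192.168.1";
    };
};

// Catch-all for everyone else; it must come last or it would match the LAN
// and DMZ too. No recursion and no RFC 1918 addresses are served here.
view "wan" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "/etc/bind/zone.example.com.wan";    // deb01 IN A <PUBLIC-IP-PLACEHOLDER>
    };
};
```

After reloading, `dig @192.168.1.1 deb01.example.com` from the laptop should return 192.168.1.1, the same query from a DMZ host should return 192.168.122.11, and from outside only the public address. Keeping the external view free of recursion and internal addresses is the part worth checking with `named-checkconf` and a query from each side, since a view ordered wrongly silently leaks the internal answers.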