DNS resolution for internal and external clients

bobbera · 11-22-2010, 04:55 AM

Hi ,

we have a DNS server is being used for external clients .
Recently we installed awstat monioring tool in ordr to collect either ftp or mail statistic.
Since our server is DNS server by defenition we may see all external clients requests to the ftp/mail services .But a LAN clients cannot be resolved by their IPs . The second nameserver line doesn't work .

DNS server's conf file looks like :

search mycompany.com
nameserver 127.0.0.1
nameserver LAN_IP_Address

How to configure the server it will resolve both external and corporate clients ?

Thanks .

/Vlad .

bathory · 11-22-2010, 05:39 AM

Hi,

You have to use a so-called split dns.
Take a look at this how to for details

Regards

bobbera · 11-23-2010, 02:22 AM

Thanks for the response .

Sorry , I forgot to mention that for external clients our server is a DNS server whereas in order to resolve corporate clients it uses our internal Windows DNS server .

In /etc/resolv.conf mycompany.com is our external domain and all external clients requests are being served fine . But if I add "nameserver LAN_IP_Address " it doesn't effect for the server itself as a client to resolve internal clients in LAN where mycompany.kuku.com defined .mycompany.kuku.com is being maintained by Windows DNS server .

search mycompany.com
nameserver 127.0.0.1
nameserver LAN_IP_Address

When I change the order like below the server can resolve internal clients but than it stops to serve external requests .And this its primary role .

search mycompany.com
nameserver LAN_IP_Address
nameserver 127.0.0.1

So , how to implement that dual functionality ?

Thanks .

bathory · 11-23-2010, 02:43 AM

Hi,

Did you read the howto in the link of my previous post?
You have to define an internal view for your LAN clients, where you can forward queries to the windows dns.

E.g. based on the above you can have:

Code:

view "internal" {
    match-clients { internals; };
        type forward;
        forward  only;
        forwarders { LAN_IP_Address;};
    };

The rest will be served by the external view.

Regards

bobbera · 11-24-2010, 07:33 AM

Hi , we followed your recommendations and added to the /etc/named.conf :

acl internals {
10.0.0.0/24;
};

view "internal" {
match-clients { internals; };
type forward; // this is 107 line
forward only;
forwarders { 10.63.3.60;};
};

But named failed to reload with this message

Nov 24 15:02:00 gate named: /etc/named.conf:107: unknown option 'type'
Nov 24 15:03:25 gate named[16319]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5 -u named -t /var/named/chroot

bathory · 11-24-2010, 08:46 AM

Oups missed the zone name, sorry:

Code:

...
acl internals {
10.0.0.0/24;
};
view "internal" {
        match-clients { internal; };

zone "kuku.com" {
type forward; // this is 107 line
forward only;
forwarders { 10.63.3.60;};
}
};

view "external" {
        match-clients { any; };
//Put everything else in this zone
};

Cheers