Spring-cleaning... Some months ago I asked about a DNS problem. The
answer was: Use views in BIND 9.
I now read the article on o'reilly.com about this, and refreshed my
knowledge about DNS a little.
I have a server doing NAT from a LAN to a WAN. The WAN is not under
our control.
en1 is the primary interface, connected to the WAN with IP 10.101.137.11
en0 is the secondary interface, with IP 192.168.1.11, serving DHCP to
the clients, propagating itself as the router with IP 192.168.1.11.
We do not answer DNS requests from the WAN.
This server is an OpenDirectory Master and AFP file server.
What *I think* I want to see from a client is:

    $ dig xschr01.chr.psreg.lan
    ;; ANSWER SECTION:
    xschr01.chr.psreg.lan. 86400 IN A 192.168.1.11
    ;; AUTHORITY SECTION:
    chr.psreg.lan. 86400 IN NS xschr01.chr.psreg.lan.

And on the server:

    ;; ANSWER SECTION:
    xschr01.chr.psreg.lan. 86400 IN A 192.168.1.11

Where it was before:

    ;; ANSWER SECTION:
    xschr01.chr.psreg.lan. 86400 IN A 192.168.1.11
    xschr01.chr.psreg.lan. 86400 IN A 10.101.137.1

With the problem, the two answers changed places between requests,
most of the time. Very ugly.
I'm not sure if this is correct, please advise.
If it is, I would now add the following to my named.conf:

    options {
        directory "/var/named";
    };

    /* Views are tried in the order written; the first match wins. */
    view "localhost" {
        match-clients { localhost; };
        recursion yes; /* this is the default */
        zone "chr.psreg.lan" {
            type master;
            file "local/db.chr.psreg.lan";
            allow-transfer { any; };
        };
    };

    view "internal" {
        match-clients { localnets; };
        recursion yes; /* this is the default */
        zone "chr.psreg.lan" {
            type master;
            file "internal/db.chr.psreg.lan";
            allow-transfer { any; };
        };
    };

    view "external" {
        match-clients { any; }; /* everyone not matched by the views above */
        zone "chr.psreg.lan" {
            type master;
            file "external/db.chr.psreg.lan";
            allow-transfer { none; };
        };
    };

Following this I need 3 files:
/private/var/named/internal/db.chr.psreg.lan, containing
192.168.1.11 as the server's A record and all the client info
/private/var/named/external/db.chr.psreg.lan, containing
10.101.137.11 as the server's A record and no other info
/private/var/named/local/db.chr.psreg.lan, containing 10.101.137.11
as the server's A record and all the client info
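
Added example, not part of the original post: a small Python model of how named picks a view, checking match-clients in the order the views are written and evaluating the built-in localhost and localnets ACLs against the server's interfaces. The /24 prefix lengths, the sample client addresses, and the third view being named "external" with match-clients any are assumptions; the thing to check is that localnets also covers the WAN subnet on en1.

```python
import ipaddress

# Interface addresses are from the post; the prefix lengths are assumed.
INTERFACES = {
    "lo0": ipaddress.ip_interface("127.0.0.1/8"),
    "en0": ipaddress.ip_interface("192.168.1.11/24"),
    "en1": ipaddress.ip_interface("10.101.137.11/24"),
}

def acl_matches(name, client):
    """Evaluate one match-clients element against a client address."""
    if name == "any":
        return True
    if name == "none":
        return False
    if name == "localhost":
        # Every address configured on the server itself, not just 127.0.0.1.
        return any(client == i.ip for i in INTERFACES.values())
    if name == "localnets":
        # Every network the server has an interface on, WAN included.
        return any(client in i.network for i in INTERFACES.values())
    # Anything else is treated as a literal network such as 192.168.1.0/24.
    return client in ipaddress.ip_network(name)

def select_view(views, client_ip):
    """Return the first view whose match-clients list matches the client."""
    client = ipaddress.ip_address(client_ip)
    for view_name, match_clients in views:
        if any(acl_matches(acl, client) for acl in match_clients):
            return view_name
    return None  # no view matched: the query is refused

# Views in the order of the post's named.conf ("external" = any is assumed).
AS_POSTED = [
    ("localhost", ["localhost"]),
    ("internal", ["localnets"]),
    ("external", ["any"]),
]
# Variant that names the LAN explicitly instead of using localnets.
EXPLICIT_LAN = [
    ("localhost", ["localhost"]),
    ("internal", ["192.168.1.0/24"]),
    ("external", ["any"]),
]

if __name__ == "__main__":
    # Constructed clients: loopback, a LAN host, a WAN neighbour, a remote host.
    for ip in ("127.0.0.1", "192.168.1.50", "10.101.137.20", "203.0.113.9"):
        print(ip, select_view(AS_POSTED, ip), select_view(EXPLICIT_LAN, ip))
```

With the views as posted, a WAN neighbour such as 10.101.137.20 lands in the internal view, which serves all the client records and has allow-transfer { any; }. Naming the LAN explicitly in match-clients sends that client to the external view instead.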