If you have only one static IP, it gets assigned to the 675.  Everything
behind the 675 gets NAT'd.  You can't run an authoritative nameserver
without having a public IP on it; it won't serve out its responses
correctly.  If it's just a caching nameserver for your internal use, you'll
be fine.

It may be overkill to have another firewall behind your 675 for your
workstation, but if you're running sendmail on your mailserver, it might be a
good idea.  :)  Ideally, you'd want to get a block of IPs from your ISP
(most will give you a /29 for ~$15/mo).  Then you could have a setup like:

(internet, not to scale)----------[cisco 675]-----[firewall]
                                                       |
                                                       |
                                               [netgear switch]
                                                 |           |
                                                 |           |
                                       [workstation]  [webserver/mail/caching dns]

If you need an authoritative dns server to host your own domain, you'll
either need to stick it between the 675 and the firewall, look at bind 9's
supposed support for working in a NAT'd environment, or use a free dns
service like granitecanyon.com (I use them for my personal stuff, they
rule).  For godsakes, don't run sendmail.  Use postfix or qmail.

Jay


> -----Original Message-----
> From: Nate Sanders [mailto:mauvehead at nerp.net]
> Sent: Tuesday, November 28, 2000 9:51 AM
> To: tclug-list at lists.real-time.com
> Subject: Re: [TCLUG] DNS followup
> 
> 
> I assume you're going to do NAT behind the 675 and port forward web ports
> to the Web/Mail/Dns box?
> 
> Timothy Wilson wrote:
> > 
> > Hi everyone,
> > 
> > At the risk of repeating myself, I'd like to get a comment or two on my
> > plan for setting up DNS on my DSL connection. I've changed a couple
> > things and now I'm thinking of a network like the following:
> > 
> > (Internet)-------[ Cisco 675 ]-------[ Netgear switch ]
> >                                         |         |
> >                                         |         |
> >                                         |     +-------+
> >                                [ firewall ]   |  Web  |
> >                                     |         | mail  |
> >                                     |         |  DNS  |
> >                              +-------------+  +-------+
> >                              | workstation |
> >                              +-------------+
> > 
> > I have one static IP for my connection. I have reserved a domain
> > (qwerk.org) and would like to run my own DNS to make my Web page
> > available at www.qwerk.org.
> > 
> > Anybody see a problem that will keep this from working?
> > 
> > -Tim
> > 
> > --
> > Tim Wilson      | Visit Sibley online:         | Check out:
> > Henry Sibley HS | http://www.isd197.k12.mn.us/ | http://www.zope.org/
> > W. St. Paul, MN |                              | http://slashdot.org/
> > wilson at visi.com |   <dtml-var pithy_quote>     | http://linux.com/
> 
> _______________________________________________
> tclug-list mailing list
> tclug-list at lists.real-time.com
> https://mailman.real-time.com/mailman/listinfo/tclug-list

-- 
Nate Sanders                                    darkskull at IRC (newnet)
mauvehead at nerp.net                            http://www.damnation.net
----------------------------------------------------------------------
who | grep -i blonde | date; cd ~; unzip; touch; strip; finger; mount;
gasp; yes; uptime; umount; sleep	- Unix Is Sexy.
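
Added example, not part of the thread: a Python check for one concrete way an authoritative server sitting behind NAT ends up handing out unusable answers, namely zone data that still lists inside (RFC 1918) addresses. The zone contents and all addresses are constructed for illustration (192.0.2.17 stands in for the single public static IP); only the domain name qwerk.org comes from the thread.

```python
import ipaddress

# RFC 1918 ranges: addresses that only mean something behind the NAT device.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone (assumption, not the poster's real data).
SAMPLE_ZONE = """\
$TTL 3600
@     IN SOA ns1.qwerk.org. hostmaster.qwerk.org. (2000112801 3600 900 604800 3600)
@     IN NS  ns1.qwerk.org.
ns1   IN A   192.168.1.10   ; inside address of the web/mail/DNS box
www   IN A   192.0.2.17     ; stand-in for the public address on the 675
mail  IN A   10.0.0.5
      IN A   192.0.2.17     ; owner name inherited from the previous record
@     IN MX  10 mail.qwerk.org.
"""

def internal_a_records(zone_text):
    """Return (owner, address) for every A record that points into RFC 1918 space."""
    findings = []
    owner = "@"
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # strip zone-file comments
        if not line.strip() or line.startswith("$"):
            continue                                # blank line or directive
        tokens = line.split()
        if not raw[0].isspace():                    # record names its owner
            owner, tokens = tokens[0], tokens[1:]
        if "A" not in tokens:
            continue                                # SOA, NS, MX, ...
        i = tokens.index("A")
        if i + 1 >= len(tokens):
            continue                                # malformed record, skip
        try:
            addr = ipaddress.IPv4Address(tokens[i + 1])
        except ValueError:
            continue
        if any(addr in net for net in RFC1918):
            findings.append((owner, str(addr)))
    return findings

if __name__ == "__main__":
    for name, addr in internal_a_records(SAMPLE_ZONE):
        print(f"{name}: {addr} is not reachable from the Internet side of the NAT")
```

The ranges are listed explicitly rather than using `is_private`, because Python's `ipaddress` module also counts the 192.0.2.0/24 documentation range as private.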