[tclug-list] DNS config

Tue May 3 09:14:27 CDT 2005

On Mon, May 02, 2005 at 07:35:40PM -0500, josh at joshwelch.com wrote:
> Quoting Tim Oudin <timo at bolverk.net>:
> 
> > Got a question about DNS, I'd be much appreciative if anyone could lend
> > some insight.
> > 
> > I have an internal office network running MS Small Business Server as a
> > PDC/Exchange server.  SBS apparently insists on managing DNS in it's
> > domain.  Internally I also have some web servers that are used for
> > development.  Everything in the office sits behind a Linux
> > gateway/firewall.
> > 
> > Externally I have a real, er, Linux DNS server running BIND.
> > 
> > The setup I inherited has a subdomains pointing into my dev web server for
> > external access to current projects.  This is something my people want, so
> > they get it.  Issue with the current config is that there are two
> > subdomains created for accessing the same content.  My people were told
> > that they needed to access this content with an
> > http://internal.mydomain.com from within the office and
> > http://external.mydomain.com from outside the network.  There is constant
> > complaining about the inconvenience associated with this config.  Although
> > the complaining may be petty it's what I get paid to deal with apparently.
> > 
> > DNS is configured for http://internal.mydomain.com to resolve to the
> > private IP address of the development server and
> > http://external.mydomain.com resolving to the public IP address that port
> > forwards to the same server.
> > 
> > I'm far from a DNS guru, in fact this job is the first that I've ever had
> > to deal with anything more than understanding the general concept to DNS. 
> > Is there any reason why I could not set up DNS on my SBS for
> > http://dev.mydomain.com to resolve to a private ip of, say, 10.0.0.111 and
> > set the same subdomain on my external DNS server with a public ip of my
> > gateway?
> > 
> > I have made some tests and all seems to work well as long as I have
> > primary DNS on my machine set to my SBS server and secondary to the ip of
> > the office gateway which has my external DNS as the first entry in
> > /etc/resolv.conf?
> > 
> > The previous admin seems to think this can not be done and I fail to see
> > the issue.
> > 
> 
> I do this currently, for similar reasons, and have been doing it for awhile.
> I've had no problems with this setup. It's a good way to handle the scenario
> you describe.
> 

I do this too in a few places, and it works great.  I will add that if
you're using bind 9, you can use the same dns server for both the
private and the public dns using "views".  Views in bind 9 allow you to
use different zone files depending on where the request is coming from
(IP based).  Works really slick, I use it at home where I don't have the
luxury of many dns servers.

Dan