TCLUG Archive

RE: [TCLUG:5377] Talk to me a bit about domains...



> I'm in the process of setting up some DNS stuff at home.

	Ooh, one of my favorite topics.
	First thing you oughtta do is get the latest version of the ORA "DNS and
BIND" book (I think that's the dragonfly book -- my copy's packed up in a
box in the back awaiting an office remodeling.)  Reference material is good.

> ...
> My official domain name is: "skj.dsl.visi.com"
>
> Now, on the internal LAN side of the world, I'm using the 192.168.1.x
> block of IP addresses.
>
> Where I'm getting confused is with the hostname stuff...
>
> Can I name the hosts pretty much any hostname.domainname.net, being
> that the real world never sees them??

	Yep.  Call 'em [name].microsoft.com if you like.  If you want to get
ridiculous, you could even have your own internal top-level domain.  But, if
they conflict with any real-world addresses, you won't be able to resolve
names for those external addys.

> Do I give my firewall two different hostnames, one for each interface
> (can that even be done?)?

	Yes, this can be done, and I recommend it.  I've used both ways.  In
general, I feel it makes management and security easier when the inside and
outside are clearly distinguishable by name.  Here at work, however, we use
cccu.com both inside and outside the firewall, and it works out well enough.
	The important thing to remember with this stuff is that you don't assign
addresses & names to computers, you assign them to interfaces.


> If I interact with the internal side of my firewall as
> "skj.dsl.visi.com", how does that affect my internal domain name
> settings, if at all?

	I'm not sure exactly what you have in mind here, but this sounds like a bad
idea -- you need some way of clearly distinguishing between the internal and
external interface.
	When we first had our firewall installed here, the consultant who installed
it set it up in such a way that to the inside world the inside was
"firewall" and the outside "firewall-ext", but to the outside world the
*outside* was "firewall" (the inside was, of course, inaccessible).  While
this made some vague sort of sense, it resulted in enough confusion that I
eventually revamped it to make the names for the two interfaces consistent
no matter where you were.

> I feel like I'm having one giant brain fart with all this...should be
> easy to figure out right??
>

	It is pretty easy once you've figured it out...  Once you understand it,
the logic of TCP/IP and DNS is generally consistent and self-evident -- it's
getting to that point that's hard.

	Feel free to contact me if you need more help.  Tragic as it sounds, I do
actually do network setup for fun, and your network architecture sounds
almost identical to my home setup.
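The naming scheme the reply settles on, as an added example that is not part of the thread: two BIND zone files for skj.dsl.visi.com, an inside copy served only to the 192.168.1.x LAN and an outside copy served to everyone else. It assumes BIND 9 views to select between them (the thread names no BIND version); the firewall's outside address 192.0.2.1 is a placeholder from the documentation range, and every host other than "firewall" and "firewall-ext" is made up.

```zone
; Added example (not from the thread). Two zone files for skj.dsl.visi.com,
; shown together. Assumptions: BIND 9 with a view for the 192.168.1.0/24 LAN
; and a view for everyone else; the firewall's outside address 192.0.2.1 is a
; placeholder (documentation range); hosts other than the firewall are made up.

; ---- skj.dsl.visi.com.internal  (loaded in the LAN-only view) ----
$TTL 86400
$ORIGIN skj.dsl.visi.com.
@             IN  SOA  firewall hostmaster (
                        2000010101 ; serial (constructed)
                        3600       ; refresh
                        900        ; retry
                        604800     ; expire
                        86400 )    ; negative-cache TTL
              IN  NS   firewall
; Names go to interfaces, not machines: the firewall gets one name per leg,
; and those names mean the same thing in both views.
firewall      IN  A    192.168.1.1   ; inside interface
firewall-ext  IN  A    192.0.2.1     ; outside interface (placeholder)
desk          IN  A    192.168.1.10
laptop        IN  A    192.168.1.11

; ---- skj.dsl.visi.com.external  (loaded in the view for everyone else) ----
; Same names, same meaning; the inside interface and the LAN hosts are simply
; absent, so no 192.168.1.x addresses leak out and "firewall" never quietly
; becomes the outside address the way the consultant's setup had it.
$TTL 86400
$ORIGIN skj.dsl.visi.com.
@             IN  SOA  firewall-ext hostmaster (
                        2000010101 3600 900 604800 86400 )
              IN  NS   firewall-ext
firewall-ext  IN  A    192.0.2.1     ; outside interface (placeholder)
```

In named.conf the two files are paired with a `view "internal" { match-clients { 192.168.1.0/24; }; ... }` block and a `view "external" { match-clients { any; }; ... }` block, each loading its own copy of the zone. The check that the scheme is consistent: from the LAN, `host firewall.skj.dsl.visi.com` answers 192.168.1.1 and `host firewall-ext.skj.dsl.visi.com` answers the outside address; from outside, firewall-ext answers the same outside address and firewall does not resolve at all. If a name ever answers differently depending on where you ask from, the two views have drifted apart.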