 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "'Mike Razavi'" <mike at havepc dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] can't access to a domain name which is hosted in my LAN
 Date:  Mon, 17 Jan 2005 12:27:05 -0500
James W. McKeand wrote:
> The problem is that DNS will respond to a query with one of the
> following: IPs from zones listed locally, IPs from cache, and IPs
> received from forwarders. Your DNS has zones listed locally with
> public IPs. Your DNS will reply to queries with this data.

I re-read my own posting after I sent...

You can also query the DNS roots for the authoritative DNS, then query
the authoritative DNS directly.

There are two ways to configure DNS. One is to use forwarders. If the
DNS does not have the requested zone data (listed zone or cache), the
DNS will query the listed forwarder for the information. If the
forwarder does not have the data, it will query its forwarder, etc.

The other way to configure DNS is to use the root DNS servers (or Root
Hints). These are the big 13 that hold all of the authoritative
records for the top level domains (.com, .org, .net, etc). (Is this
still called InterNIC?) The purpose of these servers is to tell you
where to find the authoritative DNSs for a domain. i.e. "You can get
authoritative responses from x and y for domaina.com". With this
information your DNS will then query x and/or y to get the IP of the
host www.domaina.com. In my opinion, this is the long way around the
mountain, but it is a valid way to configure DNS.

I read a great DNS primer somewhere, I cannot remember where.

James W. McKeand
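The lookup order described in the posting (local zone data first, then cache, then either a forwarder chain or an iterative walk from the root hints), as an added example that is not part of the original message. The server names, zone names and IP addresses below are constructed for the example (documentation ranges only) and are not real DNS data; the toy resolver is not m0n0wall's or any real DNS server's code.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class Server:
    """A toy DNS server: authoritative answers, referrals to child zones, optional forwarder."""
    name: str
    answers: Dict[str, str] = field(default_factory=dict)                 # fqdn -> IP
    referrals: Dict[str, Tuple[str, str]] = field(default_factory=dict)   # zone -> (ns name, ns IP)
    forwarder: Optional[str] = None                                       # name of another Server

# Constructed data set (hypothetical servers, documentation-range addresses).
SERVERS = {
    "root": Server("root", referrals={"com.": ("tld-com", "192.0.2.1")}),
    "tld-com": Server("tld-com", referrals={"domaina.com.": ("ns1.domaina.com", "192.0.2.2")}),
    "ns1.domaina.com": Server("ns1.domaina.com", answers={"www.domaina.com.": "203.0.113.10"}),
    # ISP resolver that already has the record cached; a second hop forwards to it.
    "isp-forwarder": Server("isp-forwarder", answers={"www.domaina.com.": "203.0.113.10"}),
    "first-hop": Server("first-hop", forwarder="isp-forwarder"),
}

def zone_of(name: str, zones) -> Optional[str]:
    """Longest zone that contains `name` (e.g. 'domaina.com.' beats 'com.')."""
    best = None
    for z in zones:
        if name == z or name.endswith("." + z):
            if best is None or len(z) > len(best):
                best = z
    return best

def resolve_iterative(name: str, servers, start: str = "root"):
    """The 'root hints' method: follow referrals until an authoritative answer.
    Returns (ip_or_None, trace) where trace lists each server's reply."""
    trace: List[str] = []
    current = start
    for _ in range(10):                      # hop limit guards against referral loops
        srv = servers[current]
        if name in srv.answers:
            trace.append(f"{srv.name}: answer {srv.answers[name]}")
            return srv.answers[name], trace
        zone = zone_of(name, srv.referrals)
        if zone is None:
            trace.append(f"{srv.name}: no data and no referral")
            return None, trace
        ns_name, ns_ip = srv.referrals[zone]
        trace.append(f"{srv.name}: referral for {zone} -> {ns_name} ({ns_ip})")
        current = ns_name
    trace.append("hop limit reached")
    return None, trace

def resolve_forward(name: str, servers, fwd_name: str) -> Optional[str]:
    """The 'forwarders' method: ask the forwarder; it asks its forwarder, etc."""
    current: Optional[str] = fwd_name
    seen = set()
    while current is not None and current not in seen:   # stop on forwarder loops
        seen.add(current)
        srv = servers[current]
        if name in srv.answers:
            return srv.answers[name]
        current = srv.forwarder
    return None

class LocalResolver:
    """The LAN DNS server from the thread: local zones, then cache, then upstream."""
    def __init__(self, servers, local_zones: Dict[str, str], mode: str,
                 forwarder: str = "first-hop"):
        self.servers, self.local_zones, self.mode, self.forwarder = servers, local_zones, mode, forwarder
        self.cache: Dict[str, str] = {}

    def lookup(self, name: str) -> Tuple[Optional[str], str]:
        """Return (ip, source). Locally hosted zone data always wins, so whatever
        address the LAN server's zone file holds is what LAN clients receive."""
        if name in self.local_zones:
            return self.local_zones[name], "local zone"
        if name in self.cache:
            return self.cache[name], "cache"
        if self.mode == "forward":
            ip, source = resolve_forward(name, self.servers, self.forwarder), "forwarder"
        else:
            ip, source = resolve_iterative(name, self.servers)[0], "root hints"
        if ip is not None:
            self.cache[name] = ip
        return ip, source

if __name__ == "__main__":
    ip, trace = resolve_iterative("www.domaina.com.", SERVERS)
    print("\n".join(trace))
    # Zone hosted locally with the public address: LAN clients get the public IP.
    print(LocalResolver(SERVERS, {"www.domaina.com.": "203.0.113.10"}, "forward").lookup("www.domaina.com."))
    # Same zone with the LAN address (10.0.0.5 is constructed): LAN clients get that instead.
    print(LocalResolver(SERVERS, {"www.domaina.com.": "10.0.0.5"}, "forward").lookup("www.domaina.com."))
```

Running the script prints the three-step root-to-TLD-to-authoritative trace for the "long way around the mountain", then shows that a zone listed locally short-circuits both upstream methods, which is exactly why the addresses in the LAN server's own zone data decide what LAN clients are told.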