 From:  "Neil Schneider" <pacneil at linuxgeek dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] can't access to a domain name which is hosted in my LAN
 Date:  Mon, 17 Jan 2005 14:01:54 -0800 (PST)
James W. McKeand said:
> Seth Rothenberg wrote:
>> I have a question on this,
>> and the resolution of this problem may
>> answer my question.
>>
>> I have a web/dns server in my LAN.  Before m0n0wall
>> I learned how to use the local DNS first, and
>> the ISP's DNS's after, and built zones into the local DNS,
>> so that queries from the LAN got the LAN address,
>> but queries from elsewhere got the firewall address.
>
> If you can get a DNS to respond to queries from LAN subnet with LAN
> IPs and queries from *ALL OTHER* IPs with WAN/DMZ IPs you are a better
> man than I... I do not think this can be done with Microsoft DNS -
> maybe with BIND... Question: is your LAN DNS authoritative for the
> domain? i.e. if I do a whois query will your LAN DNS be listed?
>

You most certainly can do split DNS with BIND, I'm doing it with the
following parameters in named.conf:

view "trusted" {
        match-clients { 192.168.0.0/24; }; //our network
        recursion yes;
..............
}

view "untrusted" {
        match-clients { "any"; }; //everyone not matched by the view above
        recursion no;

...............
}

This is pretty much a standard DNS setup, but it doesn't surprise me
that Micro$oft can't do it.

-- 
Neil Schneider                              pacneil_at_linuxgeek_dot_net
                                           http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B  8209 32D7 1DB1 8460 C47D

"All political parties die at last of swallowing their own lies."
                 -- Dr. John Arbuthnot (1667-1735)
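The two-view split-horizon setup described in the post above, as an added example that is not part of the original message or of m0n0wall: a shell script that writes a complete named.conf plus the internal and external zone files. The zone example.com, the LAN host 192.168.0.10 and the public address 203.0.113.1 are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: generate a split-horizon (two-view)
# BIND configuration. Assumed names and addresses: zone example.com, LAN
# 192.168.0.0/24, internal web host 192.168.0.10, public firewall 203.0.113.1.
set -eu

# Write one zone file; $1 = path, $2 = address returned for the apex, ns1 and www.
write_zone() {
  cat > "$1" <<EOF
\$TTL 3600
@    IN SOA ns1.example.com. hostmaster.example.com. ( 2005011701 3600 900 604800 300 )
     IN NS  ns1.example.com.
ns1  IN A   $2
@    IN A   $2
www  IN A   $2
EOF
}

# Write named.conf plus both zone files into directory $1.
write_split_dns_config() {
  dir=$1
  mkdir -p "$dir"
  cat > "$dir/named.conf" <<'EOF'
options {
  directory ".";
  allow-transfer { none; };          // no zone transfers unless listed here
};
// Views are tried in order and the first match-clients hit wins, so the LAN
// view must come before the catch-all "any" view.
view "trusted" {
  match-clients { 192.168.0.0/24; localhost; };
  recursion yes;                     // LAN hosts may use this box as a resolver
  zone "example.com" { type master; file "example.com.internal"; };
};
view "untrusted" {
  match-clients { any; };
  recursion no;                      // never act as an open resolver for the Internet
  zone "example.com" { type master; file "example.com.external"; };
};
EOF
  write_zone "$dir/example.com.internal" 192.168.0.10   # LAN clients get the LAN address
  write_zone "$dir/example.com.external" 203.0.113.1    # everyone else gets the firewall
  # Syntax-check the config and both zones when BIND's tools are installed.
  if command -v named-checkconf >/dev/null 2>&1; then
    (cd "$dir" && named-checkconf -z named.conf)
  fi
}

out=${1:-$(mktemp -d)}; write_split_dns_config "$out"; echo "wrote $out"
```

From a LAN host, `dig @<server> www.example.com` should return 192.168.0.10; from any other address it should return 203.0.113.1 and refuse recursive lookups.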