Simple DNS For Private LAN

Giorgos Keramidas keramida at ceid.upatras.gr
Wed Jun 28 17:20:21 UTC 2006


On 2006-06-28 10:10, Drew Tomlinson <drew at mykitchentable.net> wrote:
> On 6/28/2006 7:43 AM Giorgos Keramidas wrote:
>>> So assuming I understand correctly, yes, please guide me in setting
>>> up a local master zone.
>>
>> Assuming that your local home network uses addresses in the
>> 192.168.0.0/16 range, you have to set up a local name server which
>> will recognize and reply for the following zones:
>>
>>     "drew."          # "*.drew" are local home network names
>>     192.168.0.*      # reverse IP address -> name for home hosts
>>     127.0.0.*        # localhost zone (optional)
>
> I use virtual servers with Apache. To access those from the inside,
> I have to use the same URL as is used on the outside.  So from the
> Internet, I need drew.mykitchentable.net to resolve to my public IP
> but on the inside, I need it to resolve to 192.168.0.x.  Thus it seems
> to me that the .drew zone won't work for my setup.  Or am I missing
> something?

It will probably work, as long as the internal machines have an internal
nameserver as the first `nameserver' entry of their `resolv.conf' file.

If you are planning to use the same domain name for both the internal
and externally visible IP addresses, it's not a very good idea though.

Overloading a domain with inside addresses means that when you are
`inside' the local network, you can only see the internal IP addresses :(

> Can I set up my server to be authoritative for .mykitchentable.net
> instead of .drew but only be visible from the inside?

Yes.  But then you will only be able to see internal IP addresses when
you ask for `whatever.mykitchentable.net'.  The external webserver with
the same name will be "masked" by the internal name server.

> Obviously if it responded to queries from the Internet, I'd really
> have a mess.  What do you recommend?

I generally go for locally visible internal domain names, to avoid the
"masking" problems mentioned above.  As long as your internal DNS server
blocks queries from everyone except the internal network (i.e. using the
`allow-query' option in either the global "options { ... }" section or
for the internal zone entry in `named.conf'), this should work.
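
A `named.conf` sketch of the internal-only setup discussed in this thread, added here as an example and not part of the original message. The ACL name `internal`, the working directory and the zone file paths are assumptions; the zones and the 192.168.0.0/16 range are the ones named above.

```conf
// Constructed example; ACL name, directory and file paths are assumptions.

// Hosts allowed to query this server: the home LAN plus the server itself.
acl "internal" {
    192.168.0.0/16;
    127.0.0.1;
};

options {
    directory "/etc/namedb";            // assumed working directory

    // Global form: applies to every zone that does not override it.
    // If no allow-query is set anywhere, the default is "any".
    allow-query { "internal"; };
};

// Forward zone for local names such as host.drew
zone "drew" {
    type master;
    file "master/drew.db";              // assumed path

    // Per-zone form of the same restriction. Redundant with the global
    // setting here; shown because either placement works.
    allow-query { "internal"; };
};

// Reverse zone: 192.168.0.* address -> name
zone "0.168.192.in-addr.arpa" {
    type master;
    file "master/0.168.192.rev";        // assumed path
};
```

Running `named-checkconf` against the file catches syntax errors before the server is reloaded.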


