Simple DNS For Private LAN

Drew Tomlinson drew at
Wed Jun 28 18:03:27 UTC 2006

On 6/28/2006 7:43 AM Giorgos Keramidas wrote:
> On 2006-06-23 14:26, Drew Tomlinson <drew at> wrote:
>>> If you use NAT, then I can guide you through setting up a local
>>> ``master zone'' that is only visible inside your home network, and a
>>> ``slave zone'' that pulls stuff from ZoneEdit for the
>>> ``'' domain.  I already have a similar setup at
>>> home, to let my internal systems (workstation, laptop) see each other
>>> with internal names and still use my ISP's name servers for
>>> everything else.
>>> If you don't use NAT, things are going to be much easier, since you
>>> only have to set up the names at ZoneEdit and pull the master zone
>>> from there.
>> Thank you for your reply.
> You're welcome of course :-)
>> I use NAT for my servers that are visible from the outside so I set
>> ZoneEdit to return the same address for all servers at
>> which is currently
> Excellent!  This is exactly what I was hoping the setup would be.
>> Thus,,
>>, and whatever else. all return
>> Based upon this, it seems that I should leave ZoneEdit alone and set up
>> a local "master zone" visible only to my private LAN as you describe
>> above.  Being a slave and pulling from ZoneEdit wouldn't have any
>> benefit as the public address won't equal the private address.
> Quite right.
>> So assuming I understand correctly, yes, please guide me in setting up
>> a local master zone.
> Assuming that your local home network uses addresses in the
> range, you have to set up a local name server which will
> recognize and reply for the following zones:
>     "drew."             # "*.drew" are local home network names
>     192.168.0.*         # reverse IP address -> name for home hosts
>     127.0.0.*           # localhost zone (optional)

I use virtual servers with Apache.  To access those from the inside, I
have to use the same URL as is used on the outside.  So from the 
Internet, I need to resolve to my public IP but 
on the inside, I need it to resolve to 192.168.0.x.  Thus it seems to me 
that the .drew zone won't work for my setup.  Or am I missing something?

Can I set up my server to be authoritative for 
instead of .drew but only be visible from the inside?  Obviously if it 
responded to queries from the Internet, I'd really have a mess.  What do 
you recommend?

Thanks again for your help!


[lots of useful step-by-step config info snipped]
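
The setup asked about above (an internal name server that is authoritative for the public domain but answers only LAN clients), sketched as an added example that is not part of the original message or thread. It assumes BIND 9; `example.com` stands in for the domain elided in the message, and the server address `192.168.0.1` and the file paths are hypothetical.

```conf
// named.conf fragment (BIND 9 assumed). example.com is a placeholder for
// the public domain elided in the message; paths are hypothetical.

acl "homelan" {
    127.0.0.1;
    192.168.0.0/24;          // home network range used in the thread
};

options {
    directory "/etc/namedb";

    // Listen only on loopback and the LAN-side address (constructed value),
    // so named has no socket on the public interface at all.
    listen-on    { 127.0.0.1; 192.168.0.1; };
    listen-on-v6 { none; };

    // Second layer: even if a query arrives, answer and recurse only for
    // inside clients, and never hand out zone transfers.
    allow-query     { "homelan"; };
    allow-recursion { "homelan"; };
    allow-transfer  { none; };
};

// Internal-only copy of the public domain. Inside clients get 192.168.0.x
// answers from this file; Internet clients keep getting ZoneEdit's data.
zone "example.com" {
    type master;
    file "master/example.com.internal";
    allow-update { none; };
};

// Reverse zone for the home hosts.
zone "0.168.192.in-addr.arpa" {
    type master;
    file "master/192.168.0.rev";
    allow-update { none; };
};
```

Because the internal zone completely shadows the public one for LAN clients, every name they need (web virtual hosts, mail, and so on) must be present in the internal zone file, or lookups for it will fail from the inside. The NAT or firewall rules should also not forward port 53 from the outside to this host.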

