My Two Cents:

I agree with John about answers and explanations, but a secondary DNS is not the answer either, people. I am assuming that the issue here, as in 98% of the routing issues I look at for users these days, is IP routing and DNS resolution complicated by the use of RFC-1918 private IP Pools.

Three things to remember when designing your solutions:

1.) Private IPs are just that, Private, and should not be exposed in any manner outside your LAN's Firewall.

2.) Netmask & Route entries in all devices (PCs, Servers, Wireless APs, Routers, and Firewalls) MUST be correct for your network.

3.) A Good Firewall with PORT Mapping to those FEW services that must be open to the Internet and outbound Network Address Translation support (masking) is a must in today's world.

So, what would I recommend and why?

Build an Internal DNS server with the A, MX and CNAME records in it for your internal LAN systems and point your users at this server for their DNS resolution. In this Internal DNS configuration specify a FORWARDERS record so that things it cannot resolve (www.midrange.com) will be forwarded to an external Public Server (usually provided by your ISP). You might need to configure this in resolv.conf, versus named.boot, depending on the operating system and version of named you use.

The result is that when at home www.myserver.net will resolve to the public address, and when on the LAN it will resolve to the private address.

In the case of a Web server this whole issue becomes more critical because the DNS entry is a critical component of the URL string being parsed by your HTTP Server and you always want it to see http://www.myserver.net... regardless of the user's IP network assignment (Public/Private)...

Have a safe day..

JMS...

====================
Jeffrey M. Silberberg
CompuDesigns, Inc.
Atlanta, Ga. 30350-5640

PS: Placing the internal DNS on iSeries, Linux, FreeBSD, AIX or WinDoze, is a question that each site should address based on workloads, dependability and management demands on budget and resources.

< S N I P >

> Why? A private IP address should be returned from a DNS query in the
> answer. I know Internet routers are not supposed to forward traffic to
> private IP addresses, but the private IP is in the answer. And then once
> you get that you are on your internal network. Or is it because most DNS let
> you look at the zone file with NSLOOKUP or DIG and then a hacker can get a
> pretty good idea of how your network is set up and IP addresses.
>
< S N I P >
>
> Sorry for ranting, but this thread has me fired up. We have him setting
> up DNS without even finding out what the problem was.
>
> John Ross

< S N I P >
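The following is an added example, not part of the original post: a small audit of the split DNS setup described in the message above, which flags RFC 1918 addresses published in the public zone and lists the names that resolve differently inside and outside the LAN. The zone contents, the host names other than www.myserver.net, and all addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly (ipaddress.is_private covers more than these).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zones for myserver.net (not real data).
PUBLIC_ZONE = """
$TTL 3600
@      IN A 203.0.113.10
www    IN A 203.0.113.10
mail   IN A 203.0.113.25
as400  IN A 192.168.1.5    ; mistake: private address in the public zone
"""
INTERNAL_ZONE = """
$TTL 3600
@       IN A 192.168.1.10
www     IN A 192.168.1.10
mail    IN A 192.168.1.25
as400   IN A 192.168.1.5
printer IN A 192.168.1.40
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_a_records(zone_text, origin):
    """Return {fqdn: [addresses]} for simple 'name [ttl] [IN] A addr' lines."""
    records = {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 3 or fields[-2].upper() != "A":
            continue                               # skip $TTL, MX, CNAME, ...
        name = fields[0]
        if name == "@":
            fqdn = origin
        elif name.endswith("."):
            fqdn = name.rstrip(".")
        else:
            fqdn = name + "." + origin
        records.setdefault(fqdn.lower(), []).append(fields[-1])
    return records

def audit_split_dns(public_zone, internal_zone, origin):
    pub = parse_a_records(public_zone, origin)
    internal = parse_a_records(internal_zone, origin)
    return {
        # Private addresses visible to the Internet (point 1 of the post).
        "leaks": sorted((n, a) for n, addrs in pub.items()
                        for a in addrs if is_rfc1918(a)),
        # Names answered differently inside and outside the LAN.
        "split": sorted(n for n in pub.keys() & internal.keys()
                        if set(pub[n]) != set(internal[n])),
        "internal_only": sorted(internal.keys() - pub.keys()),
    }

if __name__ == "__main__":
    print(audit_split_dns(PUBLIC_ZONE, INTERNAL_ZONE, "myserver.net"))
```
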
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].