× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. July 2002

Re: Setting UP DNS

My Two Cents:

        I agree with John about answers and explanations, but a secondary
DNS is not the answer either people.

        I am assuming that the issue here, as in 98% of the routing issues I
look at for users these days, is IP routing and DNS resolution complicated
by the use of RFC-1918 private IP Polls.

Three things to remember when designing your solutions:

        1.) Private IPs are just that Private, and should not be exposed in
any manner outside your LANs Firewall.

        2.) Netmask & Route entries in all devices (PCs, Servers, Wireless
APs, Routers, and Firewalls) MUST be correct for your network.

        3.) A Good Firewall with PORT Mapping to those FEW services that
must be open to the Internet and outbound Network Address Translation
support (masking) is a must in today's world.

        So, what would I recommend and why. Build an Internal DNS server
with the A, MX and CNAME  records in it for your internal LAN systems and
point your users at this server for their DNS resolution.  In this Internal
DNS configuration specify a FORWARDERS record so that things it can not
resolve (www.midrange.com) will be forwarded to an external Public Server
(Usually provided by your ISP).  You might need to configure this in
resolv.conf, verses named.boot depending on the operating system and version
of named you use.

        The result is when at home www.myserver.net will resolve to the
public address, and when on the LAN it will resolve to the private address.
In the case of a Web server this whole issue becomes more critical because
the DNS entry is a critical component of the URL string being parsed by your
HTTP Server and you always want it to see http:\\www.myserver.net...
regardless of the users IP network assignment (Public/Private)...

        Have a safe day..
        JMS...
====================
Jeffrey M. Silberberg
CompuDesigns, Inc.
Atlanta, Ga. 30350-5640

PS: Placing the internal DNS on iSeries, Linux, FreeBSD, AIX or WinDoze, is
a question that each site should address based on workloads, dependability
and management demands on budget and resources.

< S N I P >

> Why? A private IP addresses  should be returned from a DNS query in the
> answer. I know Internet routers are not suppose to forward traffic to
> private IP addresses, but the private IP is in the answer. And then once
> you get that you are on your internal network. Or is because most DNS let
> you look at the zone file with NSLOOKUP or DIG and then a hacker can get a
> pretty good idea of how your network is setup and IP addresses.
>
< S N I P>
>
> Sorry for ranting, but this thread has me fired up. We having him setting
> up DNS without even finding out what the problem was.
>
> John Ross
>
< S N I P>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.