[CentOS] Antwort: bind dns help?

Johnny Hughes johnny at centos.org
Wed Sep 16 12:05:45 UTC 2009


On 09/16/2009 05:14 AM, Frank.Brodbeck at klingel.de wrote:
> "Roland Roland" <R_O_L_A_N_D at hotmail.com> wrote on 16.09.2009 12:01:34:
> 
>> I'll explain again... excuse my English..
>>
>> 1. I can browse local virtual hosts normally
>> 2. I can browse abcd.com (my company's website, and is set also as my local
>> network domain)
>> 3. if I go to public.abcd.com from outside my network (any public place) I can
>> access that page normally.
>> 4. if I try browsing public.abcd.com from inside my network, I cannot as my
>> local DNS searches its own records for "public" and obviously it won't find
>> it.
>> the reason such a thing is happening is due to the fact that "abcd.com" is
>> also set as our network's domain. so instead of forwarding requests to my
>> ISP's dns to resolve public.abcd.com it simply searches its own records.
> 
> First of all, I'm no DNS expert, keep that in mind when reading my answer ;-)
> 
> This sounds like a split horizon setup for your DNS. If I understand you
> correctly, public.abcd.com is a webserver in your LAN/DMZ but publicly
> available? If so, and if the bind you inherited only answers to requests
> from your LAN you can just add public.abcd.com to your zone file.
> 
> But as I mentioned before, be careful with this advice. If possible, test
> this with something not in production or wait for someone with more DNS
> experience than me.
> 

First set of advice ... get rid of GUIs (like webmin) to manage DNS and
learn where the files are, what goes in them and how to edit them correctly.

It sounds like you have an internal DNS master and an External DNS
master.  Most people do this if they have internal IPs (10.x.x.x,
172.16.x.x-172.31.x.x, 192.x.x.x, etc.) and external (real) IPs to
maintain.  So, do you have some internal and some external IPs to maintain?

The first thing you need to know is where is the master DNS server for
each zone ... the internal one and the external one.

I like to use nslookup for things like this ... other people use dig.
Here is the nslookup way.  Enter this command in a terminal:

nslookup

Now you should be in an nslookup shell.  Use this command to look for
SOA (Start of Authority) records:

set type=soa

Now you can input your domain in the line and see the dns servers that
are authoritative for that domain. So in your example, enter:

abcd.com

Once you know the authoritative DNS names, use this command to look up IP
addresses:

set type=a

Then look up the addresses of DNS servers by typing each name.  You can
specify the DNS server to use in YOUR nslookups with this command in the
nslookup shell:

server aaa.bbb.ccc.ddd

(enter the IP address of the server you want to look up against)

Using this, you can do lookups for names on your internal and external
DNS machines ... then you can edit the applicable zone files as
necessary to fix the issues.

Your zone files are usually somewhere in /var/named/

Look in /etc/named.conf to see how the DNS server is set up ... here are
some DNS docs:

http://www.centos.org/docs/5/html/5.2/Deployment_Guide/ch-bind.html
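
The internal-versus-external comparison described in this message can also be done offline against the two zone files. The following is an added example, not part of the original message: it lists names that the external zone publishes but the internal zone lacks, which is the situation reported for public.abcd.com. The zone contents, addresses and function names are constructed for illustration.

```python
# Added example: zone contents below are constructed, not from the thread.
EXTERNAL_ZONE = """\
$ORIGIN abcd.com.
@        IN SOA ns1.abcd.com. hostmaster.abcd.com. ( 2009091601 3600 900 604800 3600 )
         IN NS  ns1.abcd.com.
ns1      IN A   192.0.2.53
www      IN A   192.0.2.80
public   IN A   192.0.2.81   ; reachable from outside
"""
INTERNAL_ZONE = """\
$ORIGIN abcd.com.
@        IN SOA ns1.abcd.com. hostmaster.abcd.com. ( 2009091601 3600 900 604800 3600 )
         IN NS  ns1.abcd.com.
ns1      IN A   10.0.0.2
www      IN A   10.0.0.80
intranet IN A   10.0.0.90
"""

def owner_names(zone_text, types=("A", "AAAA", "CNAME")):
    """Return the fully qualified owner names that carry address/alias records."""
    origin, owner, names = "", None, set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):             # only $ORIGIN is honoured here
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower()
            continue
        if not line[0].isspace():                 # leading blank = same owner as above
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                         # optional TTL and class
        if owner is None or not fields or fields[0].upper() not in types:
            continue
        if owner == "@":
            names.add(origin)
        elif owner.endswith("."):
            names.add(owner.lower())
        else:
            names.add(f"{owner.lower()}.{origin}")
    return names

def missing_from_internal(external, internal):
    """Names the outside world can resolve but internal clients cannot."""
    return sorted(owner_names(external) - owner_names(internal))

if __name__ == "__main__":
    print(missing_from_internal(EXTERNAL_ZONE, INTERNAL_ZONE))
```

Each name it reports is a candidate record to add to the internal zone file, pointing at whichever address internal clients should use.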
