Intranet nameserver

Jindrich Matuska tiba na pce.bohem-net.cz
Pátek Listopad 14 07:41:47 CET 1997


> Dobry den,
> 
> >    Uz nejaky cas resim, jak vytvorit DNS server pro intranet, tj. sit bez
> > primeho pristup do Internetu. Uz se mi podarilo rozchodit primou i
> > reversni DNS, ale objevil se novy problem, se kterym si nedokazi poradit.
> > Jde o to, ze chci, aby firewall (tj. pocitac s pristupem do Internetu i
> > intranetu) dokazal resolvnout oba druhy adres. Dam si tedy do resolv.conf
> > obe adresy (Interneti i intranetovy DNS). Jenze s tim je problem. Jakmile
> > prvni DNS server adresu nenajde, tak resolver uz se na druhy nameserver
> > neobrati. Tj. bud funguje resolving Internetovych jmeno, nebo
> > intranetovych, ale ne oboji najednou.
> >    Pomohlo by, kdyby se named dal nakonfigurovat aby neodesilal zaporne
> > odpovedi - nevite, jestli to jde?
> 
>    Mne napada jedno reseni: aby na firewallu bezel dalsi DNS server, ktery
> by fungoval jako sekundarni pro intranet a soucasne byl ochoten posilat
> dotazy ven. Tim by se snad vsechny problemy trivialne vyresily.
> 

No jo, ale to pak je z Internetu videt DNS vnitrni site. Mozna to nevadi,
mozna jo. 

Ja to resim tak ze na firewallu skutecne pustim DNS server, ale ten neni
sekundarni pro intranet. Do /etc/resolv.conf firewallu nedam jako prvni
nameserver 127.0.0.1 ale adresu puvodniho nameserveru v intranetu. 
Nameserevr 127.0.0.1 dam az jako druhy. Ten nameserver v intranetu
nastavim tak aby vsechny dotazu predaval namserveru na firewallu
(forwarders fi.re.wa.ll, slave). Vsem pocitacum pak nastavim aby jako
primarni nameserver pouzivali ten nameserver v intranetu a jako sekundarni
ten na firewallu (zaloha). 

Tim ziskavam navic moznost aby v domene (napr.) firma.cz bylo videt neco
jineho z intranetu a neco jineho z Internetu - firewall nastavim jako
primarni pro domenu firma.cz a zapisu ho do "oficialniho" Internetoveho
DNS. Obvykle nechci aby z Internetu bylo v DNS videt cokoliv jineho nez
WWW a FTP server. Stanice stejne jdou ven pres Squid a IP masquerading.

Rozhodne existuje spousta jinych reseni, tohle je moje varianta a
osvedcila se.

zkus se jeste podivat na novou vezi BIND 8.1.1
http://www.isc.org/isc/

Jindrich Matuska

begin 600 WINMAIL.DAT
M>)\^(C &`0:0" `$```````!``$``0>0!@`(````X na 0```````#F``$-@ 0`
M`@````(``@`!!) &`/P````!````# ````,``# #````"P`/#@`````"`?\/
M`0```#D`````````@2L?I+ZC$!F=;@#=`0]4`@````!L:6YU>$!M=6YI+F-Z
M`%--5% `;&EN=7A ;75N:2YC>@`````>``(P`0````4```!33510`````!X`
M`S !````#@```&QI;G5X0&UU;FDN8WH````#`!4,`0````,`_@\&````'@`!
M, $````0````)VQI;G5X0&UU;FDN8WHG``(!"S !````$P```%--5% Z3$E.
M55A 355.22Y#6@```P``.0`````+`$ Z`0````(!]@\!````! ````````-J
M* $(@ <`& ```$E032Y-:6-R;W-O9G0 na 36%I;"Y.;W1E`#$(`02 `0`8````
M4D4Z($EN=')A;F5T(&YA;65S97)V97(`C@@!!8 #``X```#-!PL`#@`'`"D`
M+P`%`%$!`2" `P`.````S0<+``X`!P`G`!T`!0`]`0$)@ $`(0```$$U,D-$
M.3DU0D,U0T0Q,3%"13(S,# V,#A#0T8T,T,Q`#L'`0.0!@#0!P``$@````L`
M(P```````P`F```````+`"D```````,`-@``````0 `Y`(#;(&'(\+P!'@!P
M``$````8````4D4Z($EN=')A;F5T(&YA;65S97)V97(``@%Q``$````6````
M`;SPR&$9E=DLIER\$=&^(P!@C,]#P0``'@`># $````%````4TU44 `````>
M`!\,`0```!8```!T:6)A0'!C92YB;VAE;2UN970N8WH````#``80$:]BM@,`
M!Q"9!@``'@`($ $```!E````1$]"4EE$14XL55I.14I!2UE#05-215-)32Q*
M04M665163U))5$1.4U-%4E9%4E!23TE.5%)!3D54+%1*4TE40D5:4%))345(
M3U!225-455!$3TE.5$523D54555:4T5-25!/1 `````"`0D0`0```%0&``!0
M!@``\ H``$Q:1G4+DST#_P`*`0\"%0*H!>L"@P!0`U0)`@!C: K <V5T,O4`
M`"H"X6$'@ 8`!L,"@.Q-5!*G`?$R`\8'$P*#NC,4+7T*@ C/"=D[%Q]X,C4U
M`H *@0VQ"V!N\&<Q,#,50 L*%4(,`3IP`V!T!9 %0 J+;&D<,S8;H1K_' (^
M($0@;V)R>2 -L&XL'PJ%'M ?EQ[0(,%5>B @;F5J86L?,&-A1P0@%R `D&TL
M("%1(%!V>71V!;!I!4!$IDX%\!'0<G8$D" ;P7(@"X!T<@!P$> B,'2,:BXC
M4"+Q8F5Z("D;&\ '<6 na C\"81<W1U=G ?0"/P20(P!)$1X'7')- A`1'0(&UI
M(\ $<.\*P ,0(_ #8'H1D 1P(O&_)A((8"0`("D7(".1<P,`WR,2(C '0!*0
M'P!J*O #$;DH(6YO(I CP@)@92(A?2 na A:R=A!L DX2$A)Q!K7&%Z*&(D0"EQ
M+B I2M<-L"OP)*!O(C!Z$I 1D)1C:2NA8A\P9FD7(/9W!T #("@DLBB ,1 !
MD'YC(U FABU0)PLJ&R06=;XI)P$NH0= (=(&\'8LL!9U!4 ?`&$?0')U:.\?
M,"\@(>$DT$02<"XB&_ N9!\Q*/$V na RX%H&YFWR I'P`2D#?#'S H)T8H8*\[
MP20E+,(C(2DDT$H)\/\PP00 na .[ N$"P na +/8]`2%@_RA0*] E:S; *U,C5C?#
M*@#[(3 28&H-L"21(F$V=".A_G4H`Q)@-U428B-D("DA,"T?`6$[L"305"3!
M8G7J9#& =1H@=3WA-G0+@/YG)S<LP1&0(D '@"RP(C!_(3 &X#2?1X4KI"$P
M*_%O?FHN04%P"8 VT2]J(,%0N0-P;V na HX3%@(C!K.,!_,6%"TP> 1> HH ,@
M$F!K[3FA:48P`V!V13 Q0T3A_PVP`) +8 , na -C N\2$P.=K.9"B (Y I<" M
M(2$L0/<;\"(Q!Y!T'1 P<2) #;#V/Q^?(,)-2I$28 JP**#//=%+82'2"?!I
M.D]D-T#W,98J`"4Q90, na 3D$N,2,H_TTQ+=)3ES%B1A%/(0,@(5'[(_ 1T&M&
M$"BA*T$CVBNP_R-0"& AH4J1,6 #(#* )F#O&_ #H"B 4 )T4Y<G$ &0]GH?
M,".0;D5A/;%-A"LP[R\@(H 1T!&0;BSG'S D,#YI+$ '0$J1(I AXFQY]R]H
M"H4*A4Y3,3"1*\)3(?\*L")P/>$A$#/H+$ -L",$KS_A)# K023Q923032D@
M_T,!4R%2,2\A'X8$8&?R9'#_)-!C;#Z na 4Q(AXT'#,,%6N\YS6Q ;\4J1<'4F
MP#VQ_UA*9+-=L4%!*B9:_R0T.!'E(_ O$>!C+SDI5MDN81\X05JC/\,*A4.8
M(#$RZ#<N,'5Q,2NS0-5M4/LBP$M@:29A0YAF,34X:<?^3D.D*O!U*G-"+K!:
ME#=COT5A;M)TJ'?Y="<FP&$L0/]K9#%28)9>XW9Q%R%^`$Y3KFUW=E:Z"H4H
M`A!R,=!7"R K$3&!+A<@+C'0+M\Q\"UQ"V CD#SQ5A'0+A#],G5UA'$B87W'
M,5):H na J%_R82<!-TF2B 0J!AP = .()_>]\U95QA6JT*A8C45MDH^S8Q3,!A
M//%C;%^B+L!LP/^ `2X0$F L0#+0:4)=\$]4+W?P)Q!($1*0*%4A<B[_-= Q
MD0# .8 A$%TA(_!F5/\A, 6@"H5*\"$P)F$A$(GJ_Y+2DW na SZ%(0,9=]QX9/
M6W7_D*,J`)&7-T!0800`*@`F87DG$2)O,9 Q$&'Q=O$BGT<9)E$*A2,A)-!/
M8B*0_FM*8S#R,4-EFI(D9J1F8W\%H$Z@'1!W\).%(3 E5E=CH@!<84944"-5
M)-!3VP&0`P!C/6$;\&I*D4& SRGQ7U%_L na 9!<75F8%QA]DFB@ # <Z4`!) O
M(1H na -R]F"H4(`'HI44J197C[)K(]X7.(,7WADW)'PE7T_R213,&C\2 na Q2N!B
M(2BQ`'#]J,%A"H5=\%'!,1 +8"-1[Z9M"T84$@P!8P! ,+!OT/\$("@A4K(]
M\2EA3S)#`2RQ`Z0S+L%"24Y$(#@7=;!UL J%: ) <#HOE"]WLG N! !C+ na 6P
M]&<OLK$O'6\;[:VO:E;O"X W8(^01^!-13!M8"Z na 7[-_M(^MR;CM%D$`N_ #
M`! 0`0````,`$1 `````0 `',"#@!0_(\+P!0 `(,"#@!0_(\+P!'@`]``$`
0```%````4D4Z( `````'C0`'
`
end



Další informace o konferenci Linux