
Re: DNS and two networks

 
Fred Martin_1
Valued Contributor

DNS and two networks

My internal DNS, behind our firewall, is the master and SOA for our domain name.

There is a firewall between me here and the public internet, and NAT is taking care of the usual stuff.

DNS, when resolving something not in my domain, looks to public DNS forwarders.

It may be unfortunate, but public DNS has a different (public) IP for the same domain name - my internal domain name is the same as the public name.

Problem is, in my DNS the 'www' host refers to something local. That is, since my local DNS is master, if I remove the 'www' host from DNS and query on 'www', it fails and does -not- forward it to public DNS for resolution.

I guess what I want is:

mail ---> resolve to mail.internaldomain
host ---> resolve to host.internaldomain
www ---> resolve to www.publicdomain

Difficult because the names internaldomain and publicdomain are the same, i.e. "mycompany.com".

Can I split out this one 'www' host in some way?

As you might guess I used to have web sites internal, but moved them to a public web hosting service. Now I can't reach them from the inside any more.

Thanks in advance for assistance,
Fred
fmartin@applicatorssales.com
Steven Schweda
Honored Contributor

Re: DNS and two networks

> I guess what I want is:
> [...]

Not really. Names are resolved to addresses,
not to other names.

Can't you use something like this?

www.mycompany.com. IN A out.side.add.ress

There's no law that says that the addresses
in your DNS data base must belong to you.

Around here (DSL with one external address):

[...]
alp.antinode.org. IN A 209.98.249.184
www.antinode.org. IN CNAME alp.antinode.org.
antinode.org. IN A 209.98.249.184
[...]
alp-l.antinode.org. IN A 10.0.0.9
[...]
dy.antinode.org. IN A 10.0.0.39
[...]

where 209.98.249.184 is my external address,
and the internal addresses are 10.0.0.x.

Any reference to www.antinode.org or
alp.antinode.org or plain-old antinode.org
will go to 209.98.249.184 (the DSL router's
external address), and the DSL router will
normally NAT the thing to 10.0.0.9 (alp's
internal address). If I'm inside and know
that I want to stay inside, I can ask for
alp-l explicitly.
Fred Martin_1
Valued Contributor

Re: DNS and two networks

Well, sometimes simple stuff just gets right by me :)

It does in fact, work - but I still have problems.

An A record for the 'www' host with the IP of the remote site certainly resolves it to that address.

I have another problem that I didn't mention, and now seems a good time to bring it up.

We actually have three domains and three web sites. Internal DNS uses one DB file and the three DNS zones point to the same DB. i.e. one network, one DNS server, three domain names masquerading as one.

The internal webserver previously used header records to deliver the correct web site.

When the sites were moved to the remote server, they were given unique IP addresses.

So as you can see, my single 'www' record can only point to one of my sites.

I created A records and explicitly named the domain like this:

www.domain1.com IN A 64.13.251.83
www.domain2.com IN A 64.13.251.184
www.domain3.com IN A 64.13.251.185

DNS returns the right addresses, but does an odd thing with the name:

Trying DNS
Name: www.domain2.com.domain1.com
Address: 64.13.251.184

(domain1 is the SOA)

The right address is returned but my browser can't locate:
www.domain2.com
(server not found).

Odd, but the browser does find the server for:
www.domain1.com

Fred
fmartin@applicatorssales.com
Steven Schweda
Honored Contributor

Re: DNS and two networks

> DNS returns the right addresses, [...]

What does that mean? _Nslookup_ returns the
right addresses? (A transcript showing
actual commands and actual output can be more
helpful than a vague description.)

> The right address is returned but my
> browser can't locate:
> www.domain2.com
> (server not found).

Does the browser work if you specify the IP
address? (And which browser is "my
browser"? This can affect how the message
should be interpreted.)

Should I assume that you've been incrementing
serial numbers in the DNS files when you make
changes, or do I need to worry about caching?

> (domain1 is the SOA)

If the _only_ SOA is for domain1, why should
anyone ask your server for info about another
domain?

> We actually have three domains [..]

This is, of course, fancier than anything
with which I need to deal here, and I haven't
needed to think seriously about this stuff
for years, so this part of my brain may be
getting empty now.
Fred Martin_1
Valued Contributor

Re: DNS and two networks

Very sorry. As it turns out, your suggestion for creating the A record works fine. The issues I had with it earlier were caused by syntax errors and/or caching issues. Once all that cleared, it works well.

Regarding the specific case I have with three domain names and one DB file, here are some specifics just for clarification.

In my named.conf file are the following (this is an incomplete fragment but it gets the point across):

zone "domain1.com" {
type master;
file "db.domain1";
};

zone "domain2.com" {
type master;
file "db.domain1";
};

zone "domain3.com" {
type master;
file "db.domain1";
};

So the one A record for 'www' in the file db.domain1 does resolve all of these to the same IP:

www.domain1.com
www.domain2.com
www.domain3.com

Wasn't a problem when the web server was on my local network, for the reasons stated. But now that the three web sites are remote and have unique IPs at the remote site, this won't do.

The quickest fix, which I've tried and it works, is to create three nearly identical unique zone db files, and changed named.conf so each zone points to it's own file.

Regarding hosts at least, the files are identical, except for the 'www' records, which have the unique remote IPs stated.

There is still only one reverse lookup db file for the network IP space, which always resolves IPs back to domain1.com, but that's not necessarily broken, at least not on this private network.

This creates triplicate work for me when adding/removing/changing other records, as I now have to modify the identical records in each of three db files, for the sake of the one 'www' record.

So I suppose if someone has a more elegant solution I'd entertain it.

But thanks again for your help.
fmartin@applicatorssales.com
Steven Schweda
Honored Contributor
Solution

Re: DNS and two networks

Isn't there a $INCLUDE directive which you
could use to pull in a file where you keep
all the common stuff (that is, everything
except "www")?


> [...] points to it's own file.

That's "its".
Fred Martin_1
Valued Contributor

Re: DNS and two networks

Steven,

I just found the information on $INCLUDE in the O'Reilly DNS/Bind book, and it does appear that would do the trick.

Unfortunately there's no information about the format of the file.

I'm sure the host records are identical to any DNS database, but I'm not sure whether or not an include file would contain TTL and SOA records, etc, or just host-to-IP records.

Anyone out there using $INCLUDE?
fmartin@applicatorssales.com
Steven Schweda
Honored Contributor

Re: DNS and two networks

> Unfortunately there's no information about
> the format of the file.

It's just a file full of the same zone stuff
you'd have in the file which says "$INCLUDE".
In this case, I assume that it'd contain a
bunch of "A" records, or whatever.

I gather that there's another "include"
directive which is used in a "named.conf"
sort of configuration file, but that's
different.

http://www.bind9.net/manuals
Fred Martin_1
Valued Contributor

Re: DNS and two networks

Works great.

I created a db.commonhosts file, which contains no header info, only host records such as:

host1 IN A xxx.xxx.xxx.xxx
host2 IN A xxx.xxx.xxx.xxx

The NS, CNAME and MX records, etc., are in there too; everything except the www A record.

Then, each zone file gets very small:

$TTL 3600
@ In SOA etc etc (
1 ; serial
10800 ; Refresh every 3 hours
3600 ; Retry every hour
604800 ; Expire after a week
86400 ) ; Minimum ttl of 1 day

$INCLUDE /etc/named.data/db.hosts
www IN A xxx.xxx.xxx.xxx

fmartin@applicatorssales.com
Fred Martin_1
Valued Contributor

Re: DNS and two networks

Typo above in the $INCLUDE statement; that should be:
$INCLUDE /etc/named.data/db.commonhosts
fmartin@applicatorssales.com
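Two things in this thread are worth seeing executed rather than described: the "www.domain2.com.domain1.com" name that nslookup returned earlier (an owner name without a trailing dot is relative to the zone origin, so BIND appended domain1.com to it), and the final layout where one $INCLUDE'd file of common records is shared by three zone files that differ only in their www A record. The following is an added example written for this page, not BIND's code and not the poster's files: a minimal RFC 1035 master-file loader that applies the origin rule and $INCLUDE, fed constructed zone files held in a dictionary instead of /etc/named.data/. The host names, file names and addresses are made up (192.0.2.0/24 and 203.0.113.0/24 are documentation ranges).

```python
# Added example for this page: a small RFC 1035 master-file loader, not BIND's
# own code and not the poster's files.  It shows (1) that an owner name without
# a trailing dot is relative to the current origin, which is how the earlier
# post got www.domain2.com.domain1.com, and (2) that $INCLUDE lets several
# zones share one file of common records.  All contents below are constructed;
# 192.0.2.0/24 and 203.0.113.0/24 are documentation address ranges.

# Constructed in-memory stand-in for a directory such as /etc/named.data/.
# SOA records are written on one line (no parentheses) to keep the parser short.
FILES = {
    "db.commonhosts": """
host1 IN A  192.0.2.10
host2 IN A  192.0.2.11
mail  IN A  192.0.2.25
@     IN MX 10 mail
""",
    "db.domain1": """
$TTL 3600
@   IN SOA ns1 hostmaster 3 10800 3600 604800 86400
@   IN NS  ns1
ns1 IN A   192.0.2.53
$INCLUDE db.commonhosts
www IN A   203.0.113.83
""",
    "db.domain2": """
$TTL 3600
@   IN SOA ns1 hostmaster 3 10800 3600 604800 86400
@   IN NS  ns1
ns1 IN A   192.0.2.53
$INCLUDE db.commonhosts
www IN A   203.0.113.184
""",
    # The earlier attempt: fully spelled names loaded under origin domain1.com,
    # with and without the trailing dot.
    "db.buggy": """
$TTL 3600
@   IN SOA ns1 hostmaster 2 10800 3600 604800 86400
www.domain1.com  IN A 203.0.113.83
www.domain2.com  IN A 203.0.113.184
www.domain2.com. IN A 203.0.113.184
""",
}

NAME_RDATA = {"NS", "CNAME", "MX", "PTR"}   # types whose last rdata field is a name

def qualify(name, origin):
    """'@' is the origin; a name ending in '.' is absolute; anything else is
    relative and has the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"

def load_zone(path, origin, files=FILES):
    """Return (owner, type, rdata) tuples for the master file at `path`,
    honouring $TTL, $ORIGIN and $INCLUDE (with its optional new origin).
    Every record line must start with an explicit owner name."""
    if not origin.endswith("."):
        origin += "."
    records = []
    for raw in files[path].splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$TTL":                      # default TTL; unused by lookups here
            continue
        if fields[0] == "$ORIGIN":
            origin = qualify(fields[1], origin)
            continue
        if fields[0] == "$INCLUDE":                  # included records are qualified
            inc_origin = qualify(fields[2], origin) if len(fields) > 2 else origin
            records.extend(load_zone(fields[1], inc_origin, files))
            continue
        owner = qualify(fields[0], origin)
        i = 1
        if fields[i].isdigit():                      # optional per-record TTL
            i += 1
        if fields[i].upper() == "IN":                # optional class
            i += 1
        rtype, rdata = fields[i].upper(), fields[i + 1:]
        if rtype in NAME_RDATA:                      # names in rdata follow the same rule
            rdata[-1] = qualify(rdata[-1], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records

def owners(path, origin):
    """Sorted fully qualified owner names the file actually defines."""
    return sorted({owner for owner, _, _ in load_zone(path, origin)})

def lookup(path, origin, name, rtype="A"):
    """Rdata the zone at `path`, loaded under `origin`, holds for name/rtype."""
    if not name.endswith("."):
        name += "."
    return [rd for owner, t, rd in load_zone(path, origin) if owner == name and t == rtype]

if __name__ == "__main__":
    print(owners("db.buggy", "domain1.com"))       # shows the mangled names
    for zone, path in (("domain1.com", "db.domain1"), ("domain2.com", "db.domain2")):
        print(zone, "www ->", lookup(path, zone, "www." + zone),
              "host1 ->", lookup(path, zone, "host1." + zone),
              "MX ->", lookup(path, zone, zone, "MX"))
```

Loading db.buggy under domain1.com yields owners www.domain1.com.domain1.com. and www.domain2.com.domain1.com., and only the record written with the trailing dot answers for www.domain2.com; the three-file layout answers www differently per zone while host1 and the MX come from the shared file. On a real server the same check is `named-checkzone domain2.com db.domain2`, which loads the file with $INCLUDE expanded and reports what it parsed; and note that the name appended by the origin rule applies to names inside rdata (NS, MX, CNAME targets) just as much as to owner names, so a missing dot there sends mail or delegations to a name that does not exist.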