Re: DNS / Bind

Fred Martin_1
Valued Contributor

DNS / Bind

Currently I have all PCs (Win95/NT Server) on my network set up with DNS settings pointing to DNS servers outside my firewall (yuck).

Primarily this is for name resolution for web browsing.

All PCs currently POP/SMTP to my HP-UX 10.20 box for email, telnet there etc. for networked applications. All by address, not name.

So, I want to start up DNS on my unix server, and point all internal machines to it for DNS. This will remove my reliance on external DNS servers, and for address-only name resolving.

Now, the question is, what type of DNS server do I set up? Primary, Secondary, Caching Only?

Currently my ISP has the zone files for the handful of addresses and records which I want them to be the authority on. And I don't want the rest of my network known to the DNS server at my ISP. I do want my local machines to resolve as much as possible internally, first.

I'm looking for primer comments and at this time, about the differences between these DNS servers; I have the O'Reilly DNS/Bind book, and the HP Internet Services manual. Still, it's a bit unclear to me.

Fred
fmartin@applicatorssales.com
Berlene Herren
Honored Contributor

Re: DNS / Bind

You can set up DNS internally, but if you want any inside users to be able to resolve names on the internet, you will need a forwarder statement in named.boot. I attached a document that may be a bit clearer than the O'Reilly (forgive me, Cricket).

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
Shannon Petry
Honored Contributor

Re: DNS / Bind

I cannot see Berlene's attachment, so sorry in advance if any of this has been stated!
First thing to consider (other than your current network design) is what your future plans are. Especially if you plan on running DNS for your zone.
From what you mentioned, your ISP is primary, and you are NOT running secondary. A secondary server simply copies a primary's zone (completely).
What you probably want is to set up a DNS server as a primary for your domain. Do this without the ISP. As it sits now, the ISP is authority for your domain, so you will never get hits from outside of your network. Make sure that your server's config contains the forwarder as Berlene mentioned. You can use multiple name servers, but at a speed penalty.
Newer bind also has the ability to ACL lookups. In other words, you can set up an ACL for your internal IPs, and allow those only the ability to look up addresses. Anything outside of your network will be refused.

Hope it helps!
Shannon
Microsoft. When do you want a virus today?
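As an added illustration of the setup Berlene and Shannon describe (an internal primary that answers only the LAN, refuses zone transfers, and forwards everything else to the ISP's resolvers), here is a named.conf in the BIND 8/9 syntax; it is not from any of the posters. The zone name, network range, resolver addresses and file paths are placeholders, and it assumes BIND 8 or later, since the BIND 4 named.boot format on a stock HP-UX 10.20 box has no acl or allow-* statements.

```conf
// Added example, not from this thread. Placeholders: example.com, 192.168.1.0/24,
// 203.0.113.53/54 (the ISP's resolvers) and the file paths.
// Needs the named.conf syntax of BIND 8 or later (named.boot has no acl support).

// The only clients allowed to use this server: loopback and the internal LAN.
acl "internal" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/etc/named.data";            // placeholder zone-file directory

    // Everything this server is not authoritative for goes to the ISP's
    // resolvers, so the HP-UX box is the single point of contact with outside DNS.
    forwarders { 203.0.113.53; 203.0.113.54; };
    forward only;                           // never query root servers directly

    // Answer and recurse for the LAN only; queries from outside get REFUSED.
    allow-query     { "internal"; };
    allow-recursion { "internal"; };

    // No secondary may copy the internal zones; this is what keeps the
    // internal host names off the ISP's server.
    allow-transfer  { none; };
};

// Internal master for the domain. The ISP stays authoritative for the public
// copy, so the handful of public records (mail, web) must be repeated here or
// internal clients will not find them.
zone "example.com" {
    type master;
    file "db.example.com";
};

// Reverse zone, so telnet and mail logs show names instead of addresses.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.1";
};
```

After loading it, query the server once from an inside address and once from an outside one: the first should return internal names, the second a REFUSED status.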
Fred Martin_1
Valued Contributor

Re: DNS / Bind

Berlene, I don't see the attachment :(
Fred
fmartin@applicatorssales.com
Albert E. Whale, CISSP
Honored Contributor

Re: DNS / Bind

Fred,

You should be able to set up a Master Server for your Domain Name (A master server is the Master Source for IP Addresses which you maintain).

In the creation of the DNS Server, you will automatically have 'hooks' into the Internet DNS Master Servers for your Browser Lookups.

You shouldn't worry too much about the type, especially since you can create the Master for YOUR Domain, Point Your PCs to it, and all of the rest of the DNS Queries will Automagically get referred to the Internet (and they can bypass the DNS Servers you currently rely on).

Hope this Helps!

Btw, there are MANY Resources available (the O'Reilly Guide is irreplaceable!). Have you looked at the developers' site at http://www.isc.org/products/BIND/ and http://www.nominum.com/resources/faqs/bind-faq.html and
http://www.isc.org/products/BIND/contributions.html

Hope this helps.

Have a Great Day!
Sr. Systems Consultant @ ABS Computer Technology, Inc. http://www.abs-comptech.com/aewhale.html & http://www.ancegroup.com