From: Stephen Samuel <samnospam@bcgreen.com>
To: "Adrian C." <foo@foo.teinet.ro>
Cc: linux-admin@vger.kernel.org
Subject: Re: DNS Problem
Date: Fri, 27 Jan 2006 19:57:48 -0800
Message-ID: <43DAEBBC.6040804@bcgreen.com>
In-Reply-To: <7.0.0.16.0.20060128000021.01ccad78@foo.teinet.ro>

If the caching nameserver doesn't provide any DNS services for
external machines, then you can simply add a 'domain' entry for
the mail server...

in named.conf:

zone "mail.server.mydomain.com" { type master; file "db.fakemail"; };

in db.fakemail:

; $TTL 9000
@       IN SOA  firewall.mydomain.com. myname.myhost.mydomain.com. (
                2005090107
                15000   ; Refresh slave check every 4 hours
                720     ; slaves retry every 12 min
;;              1209600 ; expire: 2 weeks
                864000  ; expire: 240 hours
                4320    ; TTL external caches last 72 min
                )
;
;Name Servers for Mail server
;
; not external, so geographically diverse rule is moot.
; if you have a redundant server on your net list it here.
        IN NS   firewall.mydomain.com.
; Record for the mail server... (that is the "domain" you claimed in
; named.conf)
@       IN A    65.110.6.163
=======================================
That's about it. The '@' gets replaced by the domain name mentioned
in the named.conf Zone record.
This doesn't mess up your firewall's status as a 'caching nameserver'.
A caching nameserver is a regular nameserver that doesn't happen to be
authoritative for any domains.... Nothing really special about them at all.

Adrian C. wrote:
>
> Or you could just set an entry like
>
> 10.21.23.20 mail.yourdomain.org
>
> on every client machine (/etc/hosts or
> %windir%\system32\drivers\etc\hosts (could be different for win2k)).
>
> You could set that up using a logon script (active directory or samba,
> doesn't matter), or by tricking users with candy to run the script
> manually :)
>
> --Adrian.
>
> At 10:45 PM 1/27/2006, Glynn Clements wrote:
>
>> gerardo juarez-mondragon wrote:
>>
>> > I have the following situation
>> >
>> >   internet               internet
>> >      |                      |
>> >      |                      |
>> >  mail server ----------- firewall
>> > (10.21.23.20)         (10.21.23.21)
>> >                             |
>> >                             |
>> >                          intranet
>> >
>> >                       (192.168.x.x)
>> >
>> > The firewall is also a caching DNS, to speed up
>> > lookups and overcome DNS server downtime. My
>> > problem is that when I lookup the mail server
>> > the address I receive from 10.21.23.21 is the
>> > external address, as seen from outside.
>> > I would like the address to be solved for
>> > internal machines as the shortcut 10.21.23.20.
>> > The routes are correct according to traceroute.
>> >
>> > I thought that if I modified the firewall's
>> > /etc/hosts including the address of the mail
>> > server as 10.21.23.20 and setting nsswitch.conf
>> > to hosts: files dns
>> > would make it work, but the cached address seems
>> > to have priority.
>>
--
Stephen Samuel +1(604)450-0066 samnospam@bcgreen.com
http://www.bcgreen.com/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
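
Added example, not part of the message above and not code from its author: a small Python check of the two zone-file rules the message relies on, namely that '@' expands to the zone name given in named.conf and that a record line starting with whitespace inherits the previous owner name. The sample zone is constructed from the names in the message with the internal address from the original question; qualify, parse_zone and override_problems are hypothetical helper names.

```python
def qualify(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_zone(text, zone):
    """Parse a simple master file into (owner, type, rdata) tuples."""
    origin = zone.rstrip(".").lower() + "."
    records, owner, tokens, depth = [], origin, [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                               # blank line or $-directive
        if depth == 0:                             # a new record starts here
            tokens = []
            if not line[0].isspace():              # column 0 holds the owner
                first, *rest = line.split(None, 1)
                owner, line = qualify(first, origin), "".join(rest)
        depth += line.count("(") - line.count(")")
        tokens += line.replace("(", " ").replace(")", " ").split()
        if depth == 0 and tokens:                  # record is complete
            while len(tokens) > 1 and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
                tokens.pop(0)                      # drop TTL and class
            records.append((owner, tokens[0].upper(), " ".join(tokens[1:])))
    return records

def override_problems(text, zone, want_ip):
    """List reasons the zone would not answer `zone` itself with `want_ip`."""
    origin = zone.rstrip(".").lower() + "."
    recs = parse_zone(text, zone)
    at_apex = {(t, r) for o, t, r in recs if o == origin}
    problems = [f"no {t} record at the apex" for t in ("SOA", "NS")
                if t not in {rt for rt, _ in at_apex}]
    if ("A", want_ip) not in at_apex:
        problems.append(f"apex A record is not {want_ip}")
    problems += [f"{t} record landed on {o}" for o, t, _ in recs if o != origin]
    return problems

# Constructed sample (names from the message, address from the question).
ZONE = "mail.server.mydomain.com"
GOOD = """\
@ IN SOA firewall.mydomain.com. myname.myhost.mydomain.com. (
        2005090107 15000 720 864000 4320 )  ; serial refresh retry expire min
        IN NS firewall.mydomain.com.
@       IN A 10.21.23.20
"""
BAD = GOOD.replace("        IN NS", "IN NS")   # leading whitespace lost
```

override_problems(BAD, ZONE, "10.21.23.20") reports that the NS record moved to in.mail.server.mydomain.com., which is what happens when a mail client or copy-paste strips the indentation from the NS line.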