[swlug] BIND configuration

Robert McQueen robot101 at debian.org
Thu Jul 11 20:30:16 UTC 2002


On Thu, Jul 11, 2002 at 04:16:51PM +0100, Tim Bonnell wrote:
> I'd like to configure BIND on my home server, but the one question that
> always stumps me is the domain suffix of the PCs on my internal network?
> 
> I dial-in through PPP to www.uklinux.net, and I also own the hosted domain
> bonnell.co.uk
> 
> what should I use to identify my internal machines, if anything.
> 
> anybody done this sort of thing before?
> 
> Regards,	Tim

The idea of this is that if you are somecompany.com and you have
machines foo bar and baz, all at that domain, you can set the domain
suffix to somecompany.com. Then any lookup from any of the machines will
first try the domain at the top level, but if that fails, it will append
somecompany.com and retry. This is useful because you can then 'ping
foo' or 'ssh baz' from different machines without remembering IPs or
writing somecompany.com.

With regard to a home LAN which is not directly net accessible, you have
two options. The first, which I do, is to make up a top level domain
that you can be reasonably sure will never exist. In my case, this is
mcnet. My local DNS servers are authoritative for .mcnet at the top
level, only to queries inside the LAN.

The other option is to put your internal hosts into the external zone
and set the search suffix to that, but this will result in info (the
internal address space) on your LAN being available to the outside
world, unless you start playing tricks about having different zones when
you resolve inside as opposed to out. You could do lan.bonnell.co.uk and
have that as your local suffix, and then prohibit enquiries to that from
the outside world fairly easily.

It's up to you. Having an externally valid local domain suffix is either
an advantage or a disadvantage depending on your configuration. If the
hosts are externally addressable (or will be - think about IPv6 tunnel
in the future or something?) it's handy.

Regards,
Rob
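
The split-zone setup described in the reply above (different answers inside the LAN than outside, with lan.bonnell.co.uk as the local suffix), sketched as a BIND 9 named.conf. This is an added example, not part of the original post. The address range, directory and zone file names are assumptions, and it assumes the same server also answers for the public zone.

```conf
// Constructed example: address range, directory and file names are assumptions.
acl "lan" {
    127.0.0.1;
    192.168.1.0/24;                 // assumed internal address space
};

options {
    directory "/var/cache/bind";    // assumed working directory
    allow-transfer { none; };       // no zone transfers to anyone
};

// Views are tried in order and the first match wins.
// Once views are used, every zone must live inside a view.

// LAN clients: may recurse and can see the internal zone.
view "internal" {
    match-clients { "lan"; };
    recursion yes;

    zone "lan.bonnell.co.uk" {
        type master;
        file "db.lan.bonnell.co.uk";      // hypothetical file holding the internal hosts
    };
};

// Everyone else: no recursion and no internal zone, so the
// internal address space is never handed out to outside queries.
view "external" {
    match-clients { any; };
    recursion no;

    zone "bonnell.co.uk" {
        type master;
        file "db.bonnell.co.uk.public";   // hypothetical file with public records only
    };
};

// Clients on the LAN then set the suffix in /etc/resolv.conf:
//   search lan.bonnell.co.uk
```

Running `named-checkconf` on the file catches syntax errors before the server is reloaded.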




