RE: named.conf et al and home network segments

Tue, 29 Jul 2003 16:36:56 -0700 

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> [EMAIL PROTECTED] On Behalf Of David S. Jackson
> Sent: July 29, 2003 6:10 PM
> To: [EMAIL PROTECTED]
> Subject: named.conf et al and home network segments
> 
> Hi,
> 
> I'm trying to setup dns for my two home network segments,
> 192.168.0/24 and 192.168.1/24.  I just need internal dns access,
> no outside access.
> 
> It sounds like a relatively simple problem, but I'm just not sure
> how to go about it.  Do I just set up 2 reverse zones,
> 0.168.192.in-addr.arpa and 1.168.192.in-addr.arpa in named.conf?
> Then put all the A records for both segments in the db.dsj.net
> zone file?
> 
> Or should I create a separate name server for each segment?
> 
> I'd like the internal (192.168.1/24) segment to be able to access
> all servers on the external segment (192.168.0/24), but not allow
> any of the external services to query the internal.  Does that
> mean I need two dns servers?
> 


You don't need to setup two servers.  You can simply create two reverse
zones for each of those networks.  Something like this (I just did a
quick copy paste, so most of this will not apply to you, be warned!)

zone "0.168.192.in-addr.arpa" in {
        type master;
        file "db.192.168.0";
        allow-query { 192.168.0.1/16; };
};

followed by...

zone "1.168.192.in-addr.arpa" in {
        type master;
        file "db.192.168.1";
        allow-query { 192.168.0.1/16; };
};

Of course, replace db.192.168.x with whatever you named your files. 

Also look at
http://www.freebsd.org/cgi/man.cgi?query=named.conf&apropos=0&sektion=0&;
manpath=FreeBSD+4.8-RELEASE&format=html#ADDRESS+MATCH for more on
"allow-query"

Hope this helps you,

Sandro

> David S. Jackson                        [EMAIL PROTECTED]
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> I don't deserve this award, but I have arthritis and
> I don't deserve that either.
>               -- Jack Benny
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-
> [EMAIL PROTECTED]"

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to