I have a semi-similar setup here. I have a lan tld, and my fugal.net
domain both served off of a server on my lan named falcon. Naturally I
don't want to serve up lan to the world, so I have a setup like what you
are asking for. I don't give a different view of fugal.net, but I could.
This is on Debian.

/etc/bind/named.conf:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";

named.conf.options is rather boring.

named.conf.local:
view "internal" {
    include "/etc/bind/named.conf-internal";
    include "/etc/bind/named.conf-common";
};
view "external" {
    include "/etc/bind/named.conf-external";
    include "/etc/bind/named.conf-common";
}; // view "external"

named.conf-internal:
match-clients { 172.16.0.0/12; 127.0.0.1; };
recursion yes;

//zone "fugal.net" {
//      type master;
//      file "/etc/bind/db.fugal.net-internal";
//};

zone "lan" {
    type master;
    file "/etc/bind/dyn/db.lan";
    allow-update { 172.17.0.0/24; };
};
zone "0.17.172.in-addr.arpa" {
    type master;
    file "/etc/bind/dyn/db.172.17.0";
    allow-update { 172.17.0.0/24; };
};

The external view is similar but for external queries, obviously. The
part I have commented out above is where you would accomplish what you
want. But, if I'm reading it right you might want to proxy the requests
for charlescurley.com on to your nameserver out on the tubes. If that's
the case, you might be able to do some trick with forwarding and
(non)authoritativeness. I would probably either go with the two explicit
views (generated by a script and makefile if you want to avoid repeating
yourself), or using an experimental domain or subdomain (which makes
deployment a bit less tested).


On Fri, 30 Nov 2007 at 21:16 -0700, Charles Curley wrote:
> I have a domain, charlescurley.com, with its name, etc. served by
> domain name servers out there on the net somewhere. I also have my
> local area network, with machines like foo, bar, and baz. The network
> is NATted and not visible outside of the firewall.
> 
> I currently use the TLD "localdomain" for the LAN, so resolv.conf
> looks like:
> 
> [EMAIL PROTECTED]:/etc# cat resolv.conf 
> search localdomain
> nameserver 192.168.1.3
> nameserver 192.168.1.4
> 
> I set up an experimental server on a test machine which has the domain
> "charlescurley.com" and is authoritative for it. Since it is on the
> LAN, only machines on the LAN can see it or use it. I have local
> machines working correctly, e.g. foo.charlescurley.com resolves
> correctly. Its resolv.conf looks like:
> 
> [EMAIL PROTECTED]:/var/named/etc/sites# cat /etc/resolv.conf 
> search charlescurley.com
> nameserver 192.168.1.47
> 
> The local machines are on 192.168.1.0/24, but the server for
> charlescurley.com isn't.
> 
> The question is, how do I get the local name server to correctly serve
> up "charlescurley.com" (and "www.charlescurley.com", an alias for
> charlescurley.com) to the local network.
> 
> I already know I can stick it in /etc/hosts, but that has all the
> problems that using /etc/hosts normally has. I'd like to do it with
> bind.
> 
> Thanks
> 
> -- 
> 
> Charles Curley                  /"\    ASCII Ribbon Campaign
> Looking for fine software       \ /    Respect for open standards
> and/or writing?                  X     No HTML/RTF in email
> http://www.charlescurley.com    / \    No M$ Word docs in email
> 
> Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB
> 
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */

-- 
Hans Fugal ; http://hans.fugal.net
 
There's nothing remarkable about it. All one has to do is hit the 
right keys at the right time and the instrument plays itself.
    -- Johann Sebastian Bach
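
An added example, not part of the original message: a small Python model of how BIND chooses a view (views are tried in file order, the first whose match-clients list accepts the client wins, and a view with no match-clients matches everyone), so you can check that outside addresses never reach the view that has recursion and the lan zones. The external list, the probe addresses and the function names are assumptions; named.conf-external is not shown in the message.

```python
import ipaddress

# Constructed model of the two views. The "internal" list is copied from
# named.conf-internal above; the "external" list is an assumption.
VIEWS = [
    ("internal", ["172.16.0.0/12", "127.0.0.1"]),
    ("external", ["any"]),
]

def acl_matches(acl, client):
    """Address match list: the first element that matches decides the result."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        negated = element.startswith("!")
        spec = element.lstrip("!").strip()
        if spec == "none":
            continue  # "none" never matches anything
        if spec == "any" or addr in ipaddress.ip_network(spec, strict=False):
            return not negated
    return False

def select_view(views, client):
    """Name of the first view, in file order, whose list accepts the client."""
    for name, acl in views:
        if acl_matches(acl, client):
            return name
    return None  # no view matched

def leaked(views, outside_clients, private="internal"):
    """Outside addresses that would be answered from the private view."""
    return [c for c in outside_clients if select_view(views, c) == private]

if __name__ == "__main__":
    # Constructed probes: a LAN host, loopback, a documentation-range outside
    # address, and the 192.168.1.x resolver from the quoted question.
    for ip in ["172.17.0.25", "127.0.0.1", "203.0.113.7", "192.168.1.47"]:
        print(ip, "->", select_view(VIEWS, ip))
    # Failure mode: an internal view whose match-clients is missing or "any".
    too_wide = [("internal", ["any"]), ("external", ["any"])]
    print("leaked:", leaked(too_wide, ["203.0.113.7"]))
```

Note that 192.168.1.47 falls into the external view with the list as posted, so anyone adapting this to a 192.168.1.0/24 LAN has to change match-clients to their own range.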
