[gentoo-user] A DNS question.
This isn't strictly a Gentoo question, but I'm setting up a Gentoo box to be used as a secondary DNS server, plus some other duties, and I'm hoping there is a DNS wizard reading who can authoritatively answer my question.

First off, the machine has three network cards, one with a (DHCP) private IP (10.10.32.1) for talking to the local (Windows Domain) LAN. A second NIC with a (manually configured) IP address (69.12.134.79) that is publicly registered (ns.debug1.com) as a secondary DNS for several domains. And the third NIC has a (manually configured) private IP address (192.168.0.1) that will be used to "sniff" all traffic that crosses the DSL modem.

Obviously on a given system each NIC is usually connected to a different domain; my question is whether or not it is /legal/possible/okay to use different *hostnames* on different NICs?

For example, in the scenario described above, assume the Windows domain is named "mydomain.lan": can I have 69.12.134.79 (NIC #2) resolve to ns.debug1.com, as that is its publicly registered name, while IP address 10.10.32.1 (NIC #1) resolves to gentoo.mydomain.lan?

TIA
Bob Young
San Jose, CA.

--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] A DNS question.
On Sat, 3 Mar 2007 11:17:52 -0800 "Bob Young" <[EMAIL PROTECTED]> wrote:

> This isn't strictly a Gentoo question, but I'm setting up a Gentoo box to be used as a secondary DNS server, plus some other duties, and I'm hoping there is a DNS wizard reading who can authoritatively answer my question.
>
> First off, the machine has three network cards, one with a (DHCP) private IP (10.10.32.1) for talking to the local (Windows Domain) LAN. A second NIC with a (manually configured) IP address (69.12.134.79) that is publicly registered (ns.debug1.com) as a secondary DNS for several domains. And the third NIC has a (manually configured) private IP address (192.168.0.1) that will be used to "sniff" all traffic that crosses the DSL modem.
>
> Obviously on a given system each NIC is usually connected to a different domain; my question is whether or not it is /legal/possible/okay to use different *hostnames* on different NICs?
>
> For example, in the scenario described above, assume the Windows domain is named "mydomain.lan": can I have 69.12.134.79 (NIC #2) resolve to ns.debug1.com, as that is its publicly registered name, while IP address 10.10.32.1 (NIC #1) resolves to gentoo.mydomain.lan?
>
> TIA
> Bob Young
> San Jose, CA.

If your question is whether you can use multiple names in DNS, I believe you can. However, I'm not sure they all can be A records -- you might need to use CNAME records instead. Also, you may or may not need PTR records to the IP from the various names.

Different IP addresses usually deserve/get their own name, and this is appropriate. If you want to have all 3 IP addresses have the same hostname, that should be OK too, but whether that's a reasonable way of doing things is questionable.
Re: [gentoo-user] A DNS question.
Hello,

On Sat, Mar 03, 2007 at 11:17:52AM -0800, Bob Young wrote:
> Obviously on a given system each NIC is usually connected to a different domain; my question is whether or not it is /legal/possible/okay to use different *hostnames* on different NICs?

AFAIK, you can have multiple names for one IP and multiple IPs for one name (there are more ways to do that). So, I see no reason why anyone would ever forgive you to have a different name for each of the IP addresses your computer has. The other question is if you really want to do that, because there might be applications not expecting your computer to be "schizophrenic" in such a way and go nutty.

With regards

--
When eating an elephant take one bite at a time. -- Gen. C. Abrams
Michal 'vorner' Vaner
Re: [gentoo-user] A DNS question.
On Sat, 3 Mar 2007 22:04:59 +0100 "Michal 'vorner' Vaner" <[EMAIL PROTECTED]> wrote:

> Hello,
>
> On Sat, Mar 03, 2007 at 11:17:52AM -0800, Bob Young wrote:
> > Obviously on a given system each NIC is usually connected to a different domain; my question is whether or not it is /legal/possible/okay to use different *hostnames* on different NICs?
>
> AFAIK, you can have multiple names for one IP and multiple IPs for one name (there are more ways to do that). So, I see no reason why anyone would ever forgive you to have a different name for each of the IP addresses your computer has. The other question is if you really want to do that, because there might be applications not expecting your computer to be "schizophrenic" in such a way and go nutty.
>
> With regards

On the contrary, there are good reasons to have more than one name for a single computer. For example, say I have a server 'zeus.mydomain' that also does mail. If I name the mailserver 'mail.mydomain' then I can CNAME that to zeus.mydomain via DNS, or I can just set mail.mydomain to the IP address of the second interface. Result - I can redirect my mail to mail.mydomain and it can go to whatever computer I desire, whether or not it has different names. 'zeus' is still listening under that name for other requests. If I use 'zeus' for heavy filesharing, I can still get good access over a non-saturated ethernet device on 'mail'. Nevertheless, such a thing would really better be accomplished with ethernet bonding and CNAMEs in the DNS configuration.

Another, more reasonable situation might be a computer that routed a few subnets and also provided other services to a subnet or two. It might also have an external interface to the ISP, whose hostname on that network is not up to you. I don't want to use "c-24-245-14-14" as the name for my internet gateway on the inside, do I?

Similarly, on subnet A it might make perfect sense to call it 'gateway.a.domain', but perhaps such a computer -- another internet gateway, perhaps? -- already uses that name on subnet B. In that case, I might want to name the same computer router.b.domain since it routes traffic from B to A. Make sense? Correct me if I'm wrong ; )
Re: [gentoo-user] A DNS question.
On Sun, 4 Mar 2007, Bob Young wrote:
> This isn't strictly a Gentoo question, but I'm setting up a Gentoo box to be used as a secondary DNS server, plus some other duties, and I'm hoping there is a DNS wizard reading who can authoritatively answer my question.
>
> First off, the machine has three network cards, one with a (DHCP) private IP (10.10.32.1) for talking to the local (Windows Domain) LAN. A second NIC with a (manually configured) IP address (69.12.134.79) that is publicly registered (ns.debug1.com) as a secondary DNS for several domains. And the third NIC has a (manually configured) private IP address (192.168.0.1) that will be used to "sniff" all traffic that crosses the DSL modem.
>
> Obviously on a given system each NIC is usually connected to a different domain; my question is whether or not it is /legal/possible/okay to use different *hostnames* on different NICs?
>
> For example, in the scenario described above, assume the Windows domain is named "mydomain.lan": can I have 69.12.134.79 (NIC #2) resolve to ns.debug1.com, as that is its publicly registered name, while IP address 10.10.32.1 (NIC #1) resolves to gentoo.mydomain.lan?

Given that 2 of your IP addresses are in RFC 1918 private IP space, it is a good thing not to have your public DNS name resolve to those IP addresses, as they should not be routable, and may be in use at many other sites (and thus could resolve to a local address at those sites).

Having multiple domain names, each pointing to a separate interface on one machine, is certainly within the rules for DNS, and is very effective in certain situations. Some services (email especially) may need to be configured with a list of "these DNS names are also the local server" to operate correctly, but this should not be a huge burden.

--
Reverend Paul Colquhoun, ULC.    http://andor.dropbear.id.au/~paulcol
Asking for technical help in newsgroups? Read this first:
http://catb.org/~esr/faqs/smart-questions.html#intro
Re: [gentoo-user] A DNS question.
On Sat, Mar 03, 2007 at 03:21:52PM -0600, Dan Farrell wrote:
> On Sat, 3 Mar 2007 22:04:59 +0100 "Michal 'vorner' Vaner" <[EMAIL PROTECTED]> wrote:
>
> > Hello,
> >
> > On Sat, Mar 03, 2007 at 11:17:52AM -0800, Bob Young wrote:
> > > Obviously on a given system each NIC is usually connected to a different domain; my question is whether or not it is /legal/possible/okay to use different *hostnames* on different NICs?
> >
> > AFAIK, you can have multiple names for one IP and multiple IPs for one name (there are more ways to do that). So, I see no reason why anyone would ever forgive you to have a different name for each of the IP addresses your computer has. The other question is if you really want to do that, because there might be applications not expecting your computer to be "schizophrenic" in such a way and go nutty.
> >
> > With regards
>
> On the contrary, there are good reasons to have more than one name for a single computer. For example, say I have a server 'zeus.mydomain' that also does mail. If I name the mailserver 'mail.mydomain' then I can CNAME that to zeus.mydomain via DNS, or I can just set mail.mydomain to the IP address of the second interface. Result - I can redirect my mail to mail.mydomain and it can go to whatever computer I desire, whether or not it has different names. 'zeus' is still listening under that name for other requests. If I use 'zeus' for heavy filesharing, I can still get good access over a non-saturated ethernet device on 'mail'.

Well, this is something else - the computer knows itself as zeus and has "nicknames". However, if I got what the question was about - to be name1 for one card and name2 for the second - and not appear as name2 on the first at all. IMO the machine should have the same "base" name in any domain it shows in - the one that it shows in the bash command prompt. Then you can have additional names for the services and they can differ. But the name shown in bash should probably be reachable (if possible) from any network it appears on.

The situation shown here is probably odd (the names here are the only ones there, no additional ones or base ones).

[ X ] C1 C2 [ X ] C1 C2 [ X ].

The [ X ] is a machine, is a network and those C? are names of the machine on the net. Now, ping C1 on the middle machine. Should it ping itself on the right interface or look for the left computer? You should at least have something like:

[ Name1 ] C1 C2 [ Name2 ] C1 C2 [ Name3 ]

(even if Name2 could not be resolved by the DNS on the right network, for example). And you can "nickname" Name2 as mail or ntp if it suits you.

I hope I made myself clear and I apologize for the previous misunderstanding.

Have a nice day

--
Anyone who goes to a psychiatrist ought to have his head examined. -- Samuel Goldwyn
Michal 'vorner' Vaner
Re: [gentoo-user] A DNS question.
On Sat, 3 Mar 2007 11:17:52 -0800 Bob Young wrote:

> This isn't strictly a Gentoo question, but I'm setting up a Gentoo box to be used as a secondary DNS server, plus some other duties, and I'm hoping there is a DNS wizard reading who can authoritatively answer my question.
>
> First off, the machine has three network cards, one with a (DHCP) private IP (10.10.32.1) for talking to the local (Windows Domain) LAN. A second NIC with a (manually configured) IP address (69.12.134.79) that is publicly registered (ns.debug1.com) as a secondary DNS for several domains. And the third NIC has a (manually configured) private IP address (192.168.0.1) that will be used to "sniff" all traffic that crosses the DSL modem.
>
> Obviously on a given system each NIC is usually connected to a different domain; my question is whether or not it is /legal/possible/okay to use different *hostnames* on different NICs?
>
> For example, in the scenario described above, assume the Windows domain is named "mydomain.lan": can I have 69.12.134.79 (NIC #2) resolve to ns.debug1.com, as that is its publicly registered name, while IP address 10.10.32.1 (NIC #1) resolves to gentoo.mydomain.lan?
>
> TIA
> Bob Young
> San Jose, CA.

H'lo Bob,

I'm not a DNS wizard, though (with help from friends) I have DNS running locally/publicly. While my environment is not exactly the same as what you describe, it has lots of similarities (which I realized as I wrote the description below).

The DNS configuration has several zone files. One is for my 192.168.x.y LAN. A second is for osagesoftware.com. The third is for bogofilter.org.

My LAN has multiple machines, with a variety of operating systems and distros. There are appropriate entries for each machine in the LAN zone file. FWIW, each machine has a static IP address.

osagesoftware.com's zone file has multiple entries, i.e. www, ftp, mail, etc., which all resolve to one machine. bogofilter.org's zone file also has multiple entries.

The DNS machine has 2 NICs - one for connecting to the LAN's switch and the other for connecting to the WAN (internet). The WAN card responds to two static IP addresses (one each for osagesoftware.com and bogofilter.org).

HTH,
David
Re: [gentoo-user] A DNS question.
On 4/03/2007 8:43 AM, Paul Colquhoun wrote:
> On Sun, 4 Mar 2007, Bob Young wrote:
> > This isn't strictly a Gentoo question, but I'm setting up a Gentoo box to be used as a secondary DNS server, plus some other duties, and I'm hoping there is a DNS wizard reading who can authoritatively answer my question.
> >
> > First off, the machine has three network cards, one with a (DHCP) private IP (10.10.32.1) for talking to the local (Windows Domain) LAN. A second NIC with a (manually configured) IP address (69.12.134.79) that is publicly registered (ns.debug1.com) as a secondary DNS for several domains. And the third NIC has a (manually configured) private IP address (192.168.0.1) that will be used to "sniff" all traffic that crosses the DSL modem.
> >
> > Obviously on a given system each NIC is usually connected to a different domain; my question is whether or not it is /legal/possible/okay to use different *hostnames* on different NICs?
> >
> > For example, in the scenario described above, assume the Windows domain is named "mydomain.lan": can I have 69.12.134.79 (NIC #2) resolve to ns.debug1.com, as that is its publicly registered name, while IP address 10.10.32.1 (NIC #1) resolves to gentoo.mydomain.lan?
>
> Given that 2 of your IP addresses are in RFC 1918 private IP space, it is a good thing not to have your public DNS name resolve to those IP addresses, as they should not be routable, and may be in use at many other sites (and thus could resolve to a local address at those sites).

That's exactly what named "views" are for. You can have clients on one IP range resolve to entirely different IP addresses than those on the outside:

http://www.isc.org/sw/bind/arm94/Bv9ARM.ch06.html#view_statement_grammar

I have been using bind views in that way for the last 2 years or so, so that my internal DNS looks different to that seen on the Internet. The feature works exactly as documented and it's fairly easy to set up. That way there is no need to ever have hosts resolve to private RFC 1918 IP addresses from the Internet.

Reuben
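As an added illustration (not from Reuben's mail and not BIND's own code), the script below models how BIND picks the first view whose match-clients ACL matches the querying address, and then lints the external view for answers in RFC 1918 space, the problem Paul raised. The view ACLs and zone records are constructed from the addresses in this thread; the "sniffer" record is a deliberate mistake so the check has something to find.

```python
import ipaddress

# Constructed split-horizon layout modelled on the thread: the internal view
# serves the RFC 1918 clients, the external view serves everyone else.
# Views are checked in order, like BIND's view statements.
VIEWS = [
    # (view name, match-clients prefixes, A records {owner name: [address]})
    ("internal", ["10.10.32.0/24", "192.168.0.0/24", "127.0.0.0/8"], {
        "gentoo.mydomain.lan.": ["10.10.32.1"],
        "ns.debug1.com.": ["69.12.134.79"],
    }),
    ("external", ["0.0.0.0/0"], {
        "ns.debug1.com.": ["69.12.134.79"],
        # Constructed misconfiguration: a private address leaked into the
        # public view. private_leaks() below is meant to catch it.
        "sniffer.debug1.com.": ["192.168.0.1"],
    }),
]


def select_view(client_ip, views=VIEWS):
    """Return the name of the first view whose ACL matches client_ip,
    or None when no view matches (BIND would refuse the query)."""
    addr = ipaddress.ip_address(client_ip)
    for name, prefixes, _records in views:
        if any(addr in ipaddress.ip_network(p) for p in prefixes):
            return name
    return None


def resolve(client_ip, qname, views=VIEWS):
    """Return the A records the given client would receive for qname,
    i.e. only the data of the view selected for that client."""
    chosen = select_view(client_ip, views)
    for name, _prefixes, records in views:
        if name == chosen:
            return records.get(qname, [])
    return []


def private_leaks(views=VIEWS, view_name="external"):
    """List (owner, address) pairs in the named view that point into
    private address space. Such answers are unreachable from the Internet
    and may collide with addresses used at other sites."""
    leaks = []
    for name, _prefixes, records in views:
        if name != view_name:
            continue
        for owner, addrs in records.items():
            for a in addrs:
                if ipaddress.ip_address(a).is_private:
                    leaks.append((owner, a))
    return leaks


if __name__ == "__main__":
    print(resolve("10.10.32.55", "gentoo.mydomain.lan."))
    print(resolve("203.0.113.9", "gentoo.mydomain.lan."))
    print(private_leaks())
```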
RE: [gentoo-user] A DNS question.
I appreciate all the replies, and yes Michal you're correct, the original question was in regards to a system having different "base" (host) names for different NICs. IOW the Windows Domain Controller that eth0 is connected to records eth0 in its DNS table as gentoo.windowsdomain.local. In addition, in /etc/make.conf the following is declared:

eth0_dns_domainname="windowsdomain.local"
and
eth0_nis_domainname="windowsdomain"

No nis or dns domainname is declared for eth1 or eth2 as that causes problems. I'll probably also configure BIND to act as a secondary DNS for the domain controller, listening on eth0 and eth1.

Now with regards to eth1, it is my intent to configure eth1 with the machine's only public IP address (69.12.134.79), and configure BIND to listen on eth1 as a secondary domain name server; the primary domain name server would have an "A Record" for 69.12.134.79 and it would be named ns.somedomainname.com. IOW it would have a different "base" name (ns) than eth0 (gentoo). My question is whether or not this is valid/"legal"/okay, i.e. is it likely to cause any problems?

I did see Reuben's comment about named "views" and it looks like that may be something to investigate.

Any further comments/suggestions welcome.

Thanks,
Bob Young
San Jose, CA

-----Original Message-----
From: Michal 'vorner' Vaner [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 03, 2007 2:17 PM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] A DNS question.
Re: [gentoo-user] A DNS question.
Hello,

On Sat, Mar 03, 2007 at 04:49:48PM -0800, Bob Young wrote:
> Now with regards to eth1, it is my intent to configure eth1 with the machine's only public IP address (69.12.134.79), and configure BIND to listen on eth1 as a secondary domain name server; the primary domain name server would have an "A Record" for 69.12.134.79 and it would be named ns.somedomainname.com. IOW it would have a different "base" name (ns) than eth0 (gentoo). My question is whether or not this is valid/"legal"/okay, i.e. is it likely to cause any problems?

I do not see why this would be forbidden, however I think it would be a good idea to let gentoo.somedomainname.com resolve to the same IP as ns.somedomainname.com. Or better, ns be a pointer to gentoo (if that is possible, I'm not sure here). It is for clarity and - well, this one is crazy, but it IMO adds to the computer's "personality" and the computer deserves a proper name.

With regards.

--
Hallowed be the zeroes and ones
Michal "vorner" Vaner
Re: [gentoo-user] A DNS question.
On Sun, 04 Mar 2007 10:57:01 +1100 Reuben Farrelly <[EMAIL PROTECTED]> wrote:
> That way there is no need to ever have hosts resolve to private RFC 1918 IP addresses from the Internet.

In fact, and as already hinted at, there's no way for traffic from the outside world to be routed to a host with a private IP address, so names publicly resolving to private addresses certainly aren't going to work. You should use NAT instead.
Re: [gentoo-user] A DNS question.
On Sat, 3 Mar 2007 23:16:47 +0100 "Michal 'vorner' Vaner" <[EMAIL PROTECTED]> wrote:
> The [ X ] is a machine, is a network and those C? are names of the machine on the net. Now, ping C1 on the middle machine. Should it ping itself on the right interface or look for the left computer? You should at least have something like:
>
> [ Name1 ] C1 C2 [ Name2 ] C1 C2 [ Name3 ]

/etc/resolv.conf has a search line in which you can set up domains to automatically append to hostnames that aren't fully qualified. If the subnets had different subdomain names, the order/presence/absence in resolv.conf would determine which C? was reached from Name2.
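An added example, not from Dan's mail, that simulates the glibc resolver's search-list handling on Michal's diagram: the same short name "c1" exists in two subdomains, and the order of the search line decides which one a bare "c1" reaches. It also covers the ndots rule and the trailing-dot escape, which go slightly beyond Dan's description. The resolv.conf text, the subdomain names a.example / b.example and the zone entries are constructed for illustration.

```python
# Constructed zone data for Michal's picture: host "c1" exists on both
# subnets, so an unqualified "c1" is ambiguous until the search list
# says which domain to append.
ZONE = {
    "c1.a.example.": "10.0.1.1",
    "c1.b.example.": "10.0.2.1",
    "name2.b.example.": "10.0.2.254",
    "www.example.": "198.51.100.5",
}


def parse_resolv_conf(text):
    """Extract the search list and ndots from resolv.conf text.
    'domain' and 'search' both set the list and the last one wins,
    as in glibc; ndots defaults to 1."""
    search, ndots = [], 1
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith(("#", ";")):
            continue
        if parts[0] in ("search", "domain"):
            search = parts[1:]
        elif parts[0] == "options":
            for opt in parts[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidates(name, search, ndots):
    """Return the fully qualified names the resolver would try, in order.
    A trailing dot disables the search list entirely. Otherwise a name
    with at least ndots dots is tried as-is first and then with each
    search suffix; a shorter name gets the suffixes first."""
    if name.endswith("."):
        return [name]
    suffixed = [f"{name}.{d.rstrip('.')}." for d in search]
    absolute = name + "."
    if name.count(".") >= ndots:
        return [absolute] + suffixed
    return suffixed + [absolute]


def lookup(name, resolv_conf, zone=ZONE):
    """Resolve name the way a stub resolver configured with resolv_conf
    would: return (fqdn, address) for the first candidate found in the
    zone, or None when nothing matches."""
    search, ndots = parse_resolv_conf(resolv_conf)
    for fqdn in candidates(name, search, ndots):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None


if __name__ == "__main__":
    # Same short name, different answer, depending only on search order.
    print(lookup("c1", "search a.example b.example"))
    print(lookup("c1", "search b.example a.example"))
```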
Re: [gentoo-user] A DNS question.
On Sun, Mar 04, 2007 at 11:52:55AM -0600, Dan Farrell wrote:
> On Sat, 3 Mar 2007 23:16:47 +0100 "Michal 'vorner' Vaner" <[EMAIL PROTECTED]> wrote:
>
> > The [ X ] is a machine, is a network and those C? are names of the machine on the net. Now, ping C1 on the middle machine. Should it ping itself on the right interface or look for the left computer? You should at least have something like:
> >
> > [ Name1 ] C1 C2 [ Name2 ] C1 C2 [ Name3 ]
>
> /etc/resolv.conf has a search line in which you can set up domains to automatically append to hostnames that aren't fully qualified. If the subnets had different subdomain names, the order/presence/absence in resolv.conf would determine which C? was reached from Name2.

Sure you can do all this - but I still think you just do better if you name the computer in some reasonable way - give it its own name that is the same everywhere (even if it has different domains behind it) and add nicknames for services. After all, it IS the same computer. If you do not give the computer a more global name, you need to ask yourself from which network you access it and decide. I did not say you can not do it the other way, just that it probably is a good idea to act in a way most people take as sane.

With regards

--
No, you will not fix me Computer
Michal 'vorner' Vaner