This is a part of our network:

-----------------------------
ISP DNS www.foo.com (yyy.yyy.yyy.yyy)
|
* Linux Firewall --> 192.168.100.1 (net ip xxx.xxx.xxx.xxx) (masqueraded)
|
* Windows 2k Server with DNS/WINS/TS etc etc --> the_server.ourdomain.com (192.168.100.2)
|
* other computers
----------------------------

If I go to an internet cafe and want to connect to our Win2kServer the_server.ourdomain.com
what do I need to do? Ask our ISP dns to delegate the domain ourdomain.com to our server the_server.ourdomain.com
and give our ip-address as our net ip xxx.xxx.xxx.xxx and make a rule where all DNS requests(etc) are forwarded
to the_server (192.168.100.2)?

We have also 3 other networks connected to this one with FreeS/Wan VPN. Dhcpd's on the firewalls are configured to give 3 dns-servers, first 192.168.100.2, then the ISP's dns's. On the win2k server, the dns is configured to act as a forwarder and the forwarder list is configured to point the www.foo.com (yyy.yyy.yyy.yyy)-dns's.

Best regards,
Ville T
On Mon, 2003-07-14 at 09:00, Ville Takio wrote:
> This is a part of our network:
>
> -----------------------------
> ISP DNS www.foo.com (yyy.yyy.yyy.yyy)
> |
> * Linux Firewall --> 192.168.100.1 (net ip xxx.xxx.xxx.xxx) (masqueraded)
> |
> * Windows 2k Server with DNS/WINS/TS etc etc --> the_server.ourdomain.com (192.168.100.2)
> |
> * other computers
> ----------------------------
>
> If I go to an internet cafe and want to connect to our Win2kServer the_server.ourdomain.com
> what do I need to do? Ask our ISP dns to delegate the domain ourdomain.com to our server the_server.ourdomain.com
> and give our ip-address as our net ip xxx.xxx.xxx.xxx and make a rule where all DNS requests(etc) are forwarded
> to the_server (192.168.100.2)?

An easier approach would be to set up the port forwarding as you describe then simply connect to the external IP of your firewall. If you do what you are suggesting, your DNS server needs different views for internal and external clients; don't know if the M$ DNS server lets you do that (although bind supports such views).

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
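
Added example, not part of the original thread and not Shorewall or BIND project code: a BIND 9 named.conf sketch of the internal/external views mentioned in the reply above. The zone name comes from the thread; the ACL name, the /24 LAN prefix, the directory and the zone file paths are assumptions.

```conf
// Constructed example. The ACL name, the /24 prefix and all file paths are assumptions.
// Clients that should see the private addresses. The VPN-connected
// networks from the thread would be added here as well.
acl "inside" {
    127.0.0.1;
    192.168.100.0/24;
};

options {
    directory "/var/named";
};

// Internal view: LAN clients get the RFC 1918 address of the server
// and may use this server for recursive lookups.
view "internal" {
    match-clients { "inside"; };
    recursion yes;

    zone "ourdomain.com" {
        type master;
        // A record for the server points at 192.168.100.2
        file "internal/ourdomain.com.zone";
    };
};

// External view: everyone else. Views are matched in order, so this
// catch-all must come last. Recursion is off so the server does not
// resolve arbitrary names for internet clients.
view "external" {
    match-clients { any; };
    recursion no;

    zone "ourdomain.com" {
        type master;
        // A record for the server points at the firewall's public IP,
        // which then port-forwards to 192.168.100.2
        file "external/ourdomain.com.zone";
    };
};
```

Once any view is defined, every zone statement has to live inside a view. The external zone file should list only the names meant to be reachable from outside.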