
Re: Bind Help



On Tue, May 31, 2005 at 03:49:14PM -0400, Thom Paine wrote:
 
> Another question: When running a NAT network (10.10.10.0/24) should I
> resolve out all the machines on the lan as well?

You should resolve the internal IPs for internal clients which have
access to your rfc1918 network, and not for external clients. In other
words, you shouldn't let any reverse DNS queries for rfc1918 addresses
leak outside your organization, and you also shouldn't leak such
information outside your organization.

You can either do this using separate nameservers, using BIND9's
"views", or a combination of the two approaches. 
 
If you fail to do this, not only will you be polluting the 'net with
bogus queries, but you'll also likely experience some delays due to
failure of DNS resolution and other problems.

> I have my main site (customnetworks.ca) and several machines. Should I
> use bind to have them reverse out in the 10.10.10 ip addressing?

You need to announce the external IP to external clients, since they
won't be able to access your 10 net IPs.

Side note - you also need to include ns2.multiboard.com. in the NS
records for customnetworks.ca.

jazz:$ dig ns customnetworks.ca +trace

[...]

customnetworks.ca.      86400   IN      NS      ns2.multiboard.com.
customnetworks.ca.      86400   IN      NS      ns1.customnetworks.ca.
;; Received 101 bytes from 129.33.164.84#53(ca05.cira.ca) in 82 ms

customnetworks.ca.      38400   IN      NS      ns1.customnetworks.ca.
;; Received 69 bytes from 204.101.248.22#53(ns2.multiboard.com) in 88 ms

/w
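
Added example, not part of the original message: a BIND9 named.conf sketch of the "views" approach described above, where clients on the 10.10.10.0/24 LAN get the internal zone data plus the reverse zone for the LAN, and everyone else gets only the public zone. The ACL name, view names, zone file paths and the choice to allow recursion only for internal clients are assumptions; the secondary's address is the one shown for ns2.multiboard.com in the dig output.

```conf
// Constructed example: split-horizon DNS with BIND9 views.
// File names and the ACL/view names are placeholders.

acl "lan" {
    127.0.0.1;
    10.10.10.0/24;          // the NAT'd network from the question
};

// Views are matched in order, so the internal view must come first.
view "internal" {
    match-clients { "lan"; };
    recursion yes;          // LAN clients may use this server as a resolver

    // Internal copy of the zone: may hold 10.10.10.x addresses.
    zone "customnetworks.ca" {
        type master;
        file "internal/customnetworks.ca.zone";
        allow-transfer { none; };
    };

    // Reverse zone for the RFC 1918 range, answered locally so that
    // PTR lookups for 10.10.10.x never leave the organization.
    zone "10.10.10.in-addr.arpa" {
        type master;
        file "internal/10.10.10.rev";
        allow-transfer { none; };
    };
};

view "external" {
    match-clients { any; };
    recursion no;           // authoritative-only for outside clients

    // Public copy of the zone: external addresses only, and no
    // reverse zone for 10.10.10.0/24 is defined in this view.
    zone "customnetworks.ca" {
        type master;
        file "external/customnetworks.ca.zone";
        allow-transfer { 204.101.248.22; };   // ns2.multiboard.com
    };
};
```

Once any view is defined, every zone statement has to live inside a view. `named-checkconf` will report a zone left at the top level.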

