LAN local DNS

Dragonfly

Hi all,
I have a LAN with a web server inside with Win2000 professional. A
router (external IP 1.2.3.4) NATs calls from outside to the web server
(192.168.0.2) on port 80. So, our DNS (external) contains
my.webserver.com -> 1.2.3.4.

From the inside of the LAN, however, pointing the browser to
my.webserver.com opens up the router setup page, since the NAT does
not work for packets coming from inside the LAN.

In the LAN I have some desktops and laptops which often are carried
outside. So I can't use the HOSTS file to get a static reference
my.webserver.com -> 192.168.0.2, it wouldn't work when they're
outside.

The router also works as DHCP server for laptops, so I thought to use
a kind of DNS server on the web server and let the DHCP server give it
to the clients as the default DNS. Note that I don't want the
webserver to work as a DNS for outside hosts, it should only work as a
local one.
I don't know if I can let it maintain only the my.webserver.com ->
192.168.0.2, or if it has to be a complete DNS... Note that I have
Win2000 Pro, so no DNS server on it.

Does anybody have an idea about what I could do? If I skipped some
information, please tell me.

Thanks in advance

D.

Keith W. McCammon

You do need to run some internal DNS server to make this work. I'm not sure
if there are any freebies that will run on Pro, but you could always use a
simple Linux distribution running BIND, provided that you're comfortable
with UNIX-based operating systems.

Herb Martin

> You do need to run some internal DNS server to make this work. I'm not sure
> if there are any freebies that will run on Pro, but you could always use a
> simple Linux distribution running BIND, provided that you're comfortable
> with UNIX-based operating systems.

BIND 9 (8.x, and 4.x too) will run on W2k Pro. They are free;
they can be downloaded pre-compiled or with full source
(I got it to build with VS.Net 2003 VC.)

But, I am not sure this is the solution to the original question --
which was very confused.

He said, "Pro" but he also said he had a "DHCP" server which
means "third party" or Server.

It isn't clear what he really wanted to accomplish. Probably
split or shadow DNS where he gives one view of the zone to
the Internet and another to his internal users.

Standard answer there is Two DNS servers (I have generally
recommended the external DNS be hosted at a Registrar for
all but the largest companies). One DNS server for the Zone
OUTSIDE, another for the Zone inside.

Although we talk about these as the "same zone" they are
really TWO ZONES with the same name since they never
replicate. (BIND 9 can now do this with "views" so it's
two databases for the zones with the same name on the same
server.)

Herb Martin

> It isn't clear what he really wanted to accomplish. Probably

You got it.


> So I have to configure the inside DNS server to feed different IPs
> and never replicate with the outside one, right?

YES.

This is actually why most people have taken to calling the shadow
DNS architecture "split" or "split brain" DNS.

You duplicate the OUTSIDE records on two primary servers,
and then add internal records ONLY to the internal DNS for
'that' zone.

Truth is, it's two zones with the same name --most people don't
say it this way but it helps troubleshooting if you recognize this
fact. It's two zones because they each have their own Master-Primary
and never replicate with each other.

Normally you would never have two Master-Primaries for one zone,
but we purposely do this to BREAK the replication between them.

> I'll go with BIND 9 and see if I can work it out.

You said you are familiar: the only issue I find with BIND 9 is
the tediousness for the newcomer to create the config and zone
file syntax.

There is also a BIND-PE (written by a fellow that visits these
groups sometimes -- NTCanuck.) It may be free for
personal use but its price is modest if purchase is necessary.

www.ISC.org is bind-land and BIND-PE is at
http://ntcanuck.com

free.teranews.com

I have an issue very similar to the one Dragonfly describes. Is it possible
to set up "split brain" DNS on one machine with out-of-the-box Win2000
Server?

Kevin D. Goodknecht Sr. [MVP]

free.teranews.com said:
> I have an issue very similar to the one Dragonfly describes. Is it
> possible to set up "split brain" DNS on one machine with out-of-the-box
> Win2000 Server?

No.

Herb Martin

> I have an issue very similar to the one Dragonfly describes. Is it possible
> to set up "split brain" DNS on one machine with out-of-the-box Win2000
> Server?

No. Either two machines or using BIND for "views" is required.

But I am still strongly suggesting that MOST PEOPLE setting
up shadow DNS systems should run the public versions at
their ISP or, even better, their Registrar.

(ISP DNS is typically not as stable, not as high bandwidth, not provided
with tools for the owner (e.g., you) to manage, and ties you
to ONE ISP if you move your web site or connection ISP to
another provider as your business grows or changes.)

Dragonfly

Herb Martin said:
> YES.
> You duplicate the OUTSIDE records on two primary servers,
> and then add internal records ONLY to the internal DNS for
> 'that' zone.

Ok, done. Installed BIND 9.2.1, configured the zone for the internal
server... Everything works. Thanks!

> You said you are familiar: the only issue I find with BIND 9 is
> the tediousness for the newcomer to create the config and zone
> file syntax.

I meant I was far more familiar with Linux than with Windows 2000, but
not quite (as you noticed) with BIND :)

Luckily I found some sample configuration files somewhere, so I could
understand how it worked.
The only tricky part in configuration was that of the reverse lookup,
since every nslookup gave back the correct answer, but with an error
message.

Thanks all for the prompt answers.

Bye

D.
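As an added example (not from any poster in this thread) of the two-views setup Herb describes, and of the reverse zone Dragonfly found tricky: a BIND 9 named.conf with an internal and an external view, followed by the zone files each view loads. The values my.webserver.com, 1.2.3.4 and 192.168.0.2 come from the original post; the zone name webserver.com, the nameserver name ns1, the file paths and the serial numbers are assumptions.

```conf
//// named.conf (BIND 9: once views are used, every zone must sit inside a view)
options {
    directory "/etc/named";            // hypothetical path; on W2k Pro use the BIND install dir
};
view "internal" {                      // LAN clients get the private address
    match-clients { 192.168.0.0/24; 127.0.0.1; };
    recursion yes;                     // this box is also the LAN's resolver
    zone "webserver.com" { type master; file "int/webserver.com.zone"; };
    // the reverse zone lives ONLY here; nslookup reverse-resolves the server's
    // address first, so without a PTR it prints an error next to a correct answer
    zone "0.168.192.in-addr.arpa" { type master; file "int/0.168.192.zone"; };
};
view "external" {                      // everyone else gets the NAT'd public address
    match-clients { any; };
    recursion no;                      // never recurse for Internet hosts
    zone "webserver.com" { type master; file "ext/webserver.com.zone"; };
};

;;;; int/webserver.com.zone : internal copy of the zone (own primary, never replicated)
$TTL 3600
@       IN SOA  ns1.webserver.com. hostmaster.webserver.com. (
                2003102001 ; serial (constructed): bump it on EVERY edit or caches keep old data
                3600 900 604800 3600 )   ; refresh retry expire minimum
        IN NS   ns1.webserver.com.
ns1     IN A    192.168.0.2
my      IN A    192.168.0.2            ; my.webserver.com -> web server directly, bypassing the NAT

;;;; int/0.168.192.zone : reverse zone for 192.168.0.0/24, internal view only
$TTL 3600
@       IN SOA  ns1.webserver.com. hostmaster.webserver.com. (
                2003102001 3600 900 604800 3600 )
        IN NS   ns1.webserver.com.
2       IN PTR  my.webserver.com.      ; 192.168.0.2 -> my.webserver.com

;;;; ext/webserver.com.zone : external copy, same name, separate primary, public address only
$TTL 3600
@       IN SOA  ns1.webserver.com. hostmaster.webserver.com. (
                2003102001 3600 900 604800 3600 )
        IN NS   ns1.webserver.com.
ns1     IN A    1.2.3.4
my      IN A    1.2.3.4                ; public clients reach the router, which NATs port 80 to 192.168.0.2
```

If the public copy of the zone stays at the registrar or ISP, as Herb recommends, drop the "external" view and add allow-query { 192.168.0.0/24; 127.0.0.1; }; to options so the box never answers outside hosts at all.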