[ale] db.mynet.com and network segments

David S. Jackson dsj at sylvester.dsj.net
Tue Jul 29 22:07:08 EDT 2003


On Tue, Jul 29, 2003 at 07:29:27PM -0400 Geoffrey The Esoteric <esoteric at 3times25.net> wrote:
> David S. Jackson wrote:
> >Hi,
> >
> >Well, I'm trying to figure out how to handle different network
> >segments in a domain.
> >
> >For example, I'll have network.com with several private segments
> >in it.  Would each segment just have its own little nameserver in
> >it and include the nameservers for the other segments in it?  How
> >does that work?
> 
> Each separate segment could simply have /etc/hosts configured properly 
> with a machine as a gateway to the other networks.  Depends on the 
> number of hosts.  For example, between my DMZ and home net sits a choke 
> firewall that handles all the data transfer from one net to the other. 
> Two NICs, one that has an IP for the DMZ, the other has an IP for the 
> home net.
> 
> Here's /sbin/route output on that machine:
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> dmz-edu         *               255.255.255.0   U     0      0        0 eth0
> home-edu        *               255.255.255.0   U     0      0        0 eth1
> loopback        *               255.0.0.0       U     0      0        0 lo
> default         a.dmz.edu       0.0.0.0         UG    0      0        0 eth0
> 
> 
> dmz-edu is the DMZ network and home-edu is the home network.  The 
> default listed (a.dmz.edu) is my firewall which is connected to the 
> Internet.

I guess I'm really trying to get into named syntax here.  I
already have this type of setup at home.  It's just that not all
programs will read /etc/hosts first.  Squid, for example.  They
need a local DNS server running or they won't resolve localnet
hosts.

For example, in my dsj.net zone file, I guess I could have A
records for all hosts on both networks.  But in my reverse lookup
files, I guess I'd have to have a 0.168.192.in-addr.arpa file as
well as a 1.168.192.in-addr.arpa file, each with the relevant PTR
records in it.  And then could I just add these reverse files to
the named.conf file?  So besides my localhost and "." files, I'd
also be calling out my dsj.net zone file as well as two reverse
lookup files, one for each segment.  Is that even in the
ballpark?

I'm thinking that perhaps I could use one nameserver for both
network segments.  Does that sound possible?  Does anyone have an
example of what that syntax would look like?  I've googled and
RTFMed until I'm blue in the face, and I'm still not
understanding this.  (bangs head against the keyboard...)

TIA!

-- 
David S. Jackson                        dsj at dsj.net
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
I got this powdered water -- now I don't know what
to add.
		-- Steven Wright
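
The layout asked about above (one nameserver holding the dsj.net forward zone plus a reverse zone for each of 192.168.0.x and 192.168.1.x), as an added example that is not part of the original message or from either poster. The host names, addresses and `db.<zone>` file names are constructed for illustration; the script prints the `named.conf` zone stanzas and the A and PTR records, and each real zone file still needs its own `$TTL`, SOA and NS records.

```python
import ipaddress
from collections import defaultdict

DOMAIN = "dsj.net"
# Constructed sample hosts spread over the two private segments.
HOSTS = {
    "ns":    "192.168.0.1",
    "squid": "192.168.0.10",
    "gw":    "192.168.1.1",
    "desk":  "192.168.1.20",
}

def reverse_zone(ip):
    """Name of the /24 reverse zone holding ip, e.g. 0.168.192.in-addr.arpa."""
    # reverse_pointer yields "10.0.168.192.in-addr.arpa"; drop the host octet.
    return ipaddress.ip_address(ip).reverse_pointer.split(".", 1)[1]

def forward_records(hosts=HOSTS):
    """A records: a single forward zone covers hosts on both segments."""
    return [f"{name} IN A {ip}" for name, ip in sorted(hosts.items())]

def reverse_records(hosts=HOSTS, domain=DOMAIN):
    """PTR records grouped per reverse zone, owner name = last octet."""
    zones = defaultdict(list)
    by_addr = sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[1]))
    for name, ip in by_addr:
        last_octet = ip.rsplit(".", 1)[1]
        zones[reverse_zone(ip)].append(f"{last_octet} IN PTR {name}.{domain}.")
    return dict(zones)

def named_conf(hosts=HOSTS, domain=DOMAIN):
    """One master stanza per zone; the db.<zone> file names are hypothetical."""
    zone_names = [domain] + sorted(reverse_records(hosts, domain))
    return "\n".join(
        f'zone "{z}" {{ type master; file "db.{z}"; }};' for z in zone_names
    )

if __name__ == "__main__":
    print(named_conf(), "\n")
    print(f"; db.{DOMAIN} (SOA and NS records omitted)")
    print("\n".join(forward_records()), "\n")
    for zone, ptrs in reverse_records().items():
        print(f"; db.{zone} (SOA and NS records omitted)")
        print("\n".join(ptrs), "\n")
```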