Re: Configuring server for internal network


Subject: Re: Configuring server for internal network
From: Darron Froese (darron@froese.org)
Date: Thu Oct 19 2000 - 18:12:41 MDT


on 10/19/00 5:46 PM, Gawain Reifsnyder at gawain@guitar.net wrote:

> I may have to do some more reading on DNS setup before I can dive
> into your solution... However, with a couple more hints I may be
> able to figure it out. :-)
>
> In the $ORIGIN section of your zone file you have
> machineX.internal.froese.org and darron.froese.org. How would this
> work in my case, as I'm not running a local DNS server?

It wouldn't work unless you run a local DNS server. NOTE: There's no reason
why you can't run your own local dns server - you have the software for it.

UNLESS

There's a way to put PTR records in your /etc/hosts file - I'm not sure if
there is at this time.

Does anyone else know of a way to do this?

Here are some more hints anyway.

The $ORIGIN lines in the db file would be correct if your internal network
was 192.168.1.x - all $ORIGIN does is append itself to entries in the file
that aren't fully qualified:

$ORIGIN 1.168.192.in-addr.arpa.
1 IN PTR machine1.internal.froese.org.
15 IN PTR machine2.internal.froese.org.
157 IN PTR machine3.internal.froese.org.
36 IN PTR machine4.internal.froese.org.

Is the same as:

1.1.168.192.in-addr.arpa. IN PTR machine1.internal.froese.org.
15.1.168.192.in-addr.arpa. IN PTR machine2.internal.froese.org.
157.1.168.192.in-addr.arpa. IN PTR machine3.internal.froese.org.
36.1.168.192.in-addr.arpa. IN PTR machine4.internal.froese.org.

Notice the dots at the end of the domain names? That means: "This is fully
qualified so don't append $ORIGIN to the end."

$ORIGIN is a way to:

1. Not type so much.
2. Make it easier to make large changes without having to change a lot of
records.

Basically, this is what I think is happening:

When one of your internal machines is trying to connect to ProFTPD - let's
pretend that it's coming from 192.168.1.15.

The machine your ftp server is running on attempts to find out the host name
that 192.168.1.15 is supposed to have SO it asks the name server it's
configured to speak to (from its /etc/resolv.conf):

"What does the PTR record for 15.1.168.192.in-addr.arpa. point to?"

If it's asking your ISP (or whatever name server you have in your
/etc/resolv.conf) for this information, their DNS server is going to say "I
have no idea - that's not an IP I have the answers for because it's a
private address."

Along the same lines, when sendmail starts up, it looks up both the forward
and reverse domain records for its hostname/ip address:

OK, now, I know I'm at "hostname.computer.com" - what's my ip address? (It
finds that answer in your /etc/hosts file because you don't have a dns
server [at least that's what I'm led to believe from your postings here].)

OK, now that I've got the IP for "hostname.computer.com", what's the PTR
record for that ip? Hello? Are you listening? What's the PTR record for that
IP? Are you there? I'm going to try a few more times and wait a little
longer.....OK - I'm giving up. There isn't a PTR record that I can find.

Does that make any more sense? Obviously you'd need to use your own domain
name instead of froese.org...

-- 
Darron
darron@froese.org
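The two points in the message above, that `$ORIGIN` is only appended to owner names that are not fully qualified, and that a reverse lookup of 192.168.1.15 is really a query for the PTR record of `15.1.168.192.in-addr.arpa.`, can be checked with a small script. This is an added example, not code from the original post or from the ProFTPD project; the zone text inside it is constructed from the records in the message, and the `expand_zone`, `qualify`, `reverse_name` and `lookup_ptr` functions are this example's own, not a BIND API.

```python
"""Added example (not from the original post): expand a zone-file fragment
using $ORIGIN, then answer reverse (PTR) lookups from the expanded records.
Handles only $ORIGIN plus A/PTR records; other directives are ignored."""
from __future__ import annotations

import ipaddress

# Constructed sample: the $ORIGIN form of the records quoted in the message.
ZONE_WITH_ORIGIN = """\
$ORIGIN 1.168.192.in-addr.arpa.
1 IN PTR machine1.internal.froese.org.
15 IN PTR machine2.internal.froese.org.
157 IN PTR machine3.internal.froese.org.
36 IN PTR machine4.internal.froese.org.
"""

# Constructed sample: the same records written out fully qualified.
ZONE_FQDN = """\
1.1.168.192.in-addr.arpa. IN PTR machine1.internal.froese.org.
15.1.168.192.in-addr.arpa. IN PTR machine2.internal.froese.org.
157.1.168.192.in-addr.arpa. IN PTR machine3.internal.froese.org.
36.1.168.192.in-addr.arpa. IN PTR machine4.internal.froese.org.
"""


def qualify(name: str, origin: str) -> str:
    """Append the current origin unless the name already ends in a dot.
    '@' stands for the origin itself, as it does in BIND zone files."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name          # fully qualified: leave it alone
    return f"{name}.{origin}"


def expand_zone(text: str, default_origin: str = ".") -> dict[str, tuple[str, str]]:
    """Return {fully qualified owner: (rtype, rdata)} for the A/PTR records in
    text, honouring $ORIGIN. PTR rdata is qualified too, since relative names
    in rdata are subject to $ORIGIN as well; a TTL and class are optional."""
    origin = default_origin
    records: dict[str, tuple[str, str]] = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        if line.upper().startswith("$ORIGIN"):
            _, origin = line.split(None, 1)
            origin = origin.strip()
            if not origin.endswith("."):
                raise ValueError(f"$ORIGIN must be fully qualified: {origin}")
            continue
        parts = line.split()
        if len(parts) < 3:
            raise ValueError(f"cannot parse record: {line!r}")
        owner, rtype, rdata = parts[0], parts[-2].upper(), parts[-1]
        if rtype not in ("A", "PTR"):
            continue
        fq_rdata = qualify(rdata, origin) if rtype == "PTR" else rdata
        records[qualify(owner, origin)] = (rtype, fq_rdata)
    return records


def reverse_name(ip: str) -> str:
    """The in-addr.arpa (or ip6.arpa) name a resolver queries for a PTR lookup."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def lookup_ptr(records: dict[str, tuple[str, str]], ip: str) -> str | None:
    """Answer a reverse lookup from the expanded records, or None when there
    is no PTR record, which is the case the message describes for a resolver
    that only knows the ISP's zones."""
    hit = records.get(reverse_name(ip))
    if hit is None or hit[0] != "PTR":
        return None
    return hit[1]


if __name__ == "__main__":
    zone = expand_zone(ZONE_WITH_ORIGIN)
    print("expanded forms are identical:", zone == expand_zone(ZONE_FQDN))
    for ip in ("192.168.1.15", "192.168.1.2"):
        addr = ipaddress.ip_address(ip)
        print(f"{ip} -> query {reverse_name(ip)} "
              f"(private: {addr.is_private}) -> {lookup_ptr(zone, ip)}")
```

Running it shows that the two zone fragments expand to the same set of records, that 192.168.1.15 resolves to `machine2.internal.froese.org.` only when a server actually holds that zone, and that an address with no record (192.168.1.2 here) gets no answer at all, which is what the ftp and sendmail timeouts in the message come from.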



This archive was generated by hypermail 2a24 : Thu Oct 19 2000 - 18:20:24 MDT