
Re: DNS behind a firewall

From: Men & Mice Support
Date: Friday, February 11, 2000
Time: 7:49:00 pm

Hello David,

>I am having a difficult time setting up our system here and would
>appreciate a little help.
>
>We have a 128 ISDN connection through a Netopia router. The router is
>configured to supply a set of IP addresses to workstations in the office
>and is configured to use NAT.
>
>I have assigned a fixed address to the server I wish to use as a
>DNS/Web/Mail server.
>
>The router is configured so that it passes HTTP/SMTP/POP3/DNS requests
>to this server.
>
>I know that the web requests are being passed through and being served
>because if I hit the router address with a browser, it serves up stuff.
>
>I am running QuickDNS Pro and have attempted to set it up with a domain
>auto-logic.net with a record for www.auto-logic.net and this appears to
>work on our internal network.

Yes, I queried your server, and it looks like it would work fine on your internal network. It won't work for the outside world, though.

Here's your DNS file:
auto-logic.net. SOA ns1.auto-logic.net. doc.autosense.ca. (
    2000021102 ; serial
    28800 ; refresh (8 hours)
    7200 ; retry (2 hours)
    604800 ; expire (7 days)
    86400 ; minimum (1 day)
    )
auto-logic.net. NS ns1.auto-logic.net.
auto-logic.net. NS ns.uunet.ca.
auto-logic.net. CNAME 100.0.0.90.auto-logic.net.
auto-logic.net. MX 10 mail.auto-logic.net.
mail.auto-logic.net. A 100.0.0.90
ns1.auto-logic.net. A 100.0.0.90
www.auto-logic.net. A 100.0.0.90
www.auto-logic.net. HINFO Macintosh Mac OS

Here are the problems:

o You've used your private address in the file, which means that, from the outside, nobody will be able to find the right addresses. You need to change your DNS to point to your public address.

o Your private addresses aren't really private. Right now, class A subnet 100 is unused, according to the root servers, but that doesn't mean it will never be used. (Someone will correct me if I'm wrong, I'm sure, but I don't know of any reason why 100.0.0.0/8 has been set aside.) You should be using one of the address blocks set aside for private networks, such as 10.0.0.0/8 or 192.168.0.0/24.

o The CNAME record is illegal (against the rules of DNS) for several reasons, and should be removed. What is its intended purpose?

o ns.uunet.ca isn't configured for your domain. This will need to be addressed at some point.

>I have several things that I do not understand:
>
>Is it possible for this DNS server to be seen by the outside world? And
>if so what do I have to do to make that happen? I have set the router to
>pass DNS information to the internal address of the server on port 53.
>Is this correct?

Yes, your DNS server is visible to the outside world. Your inbound mapping appears to be correct. Did you map both TCP and UDP ports to the DNS server?

>Also, what do I have to do to set up another domain on this DNS server
>for autosense.ca? If I use the assistant I seem to get it mangled with
>the auto-logic records.

The simplest method is to use the Domain Assistant to create a virtual domain with no A records, using your other domain as your primary domain.

>I know I am suffering from OHUA syndrome on this but please help me
>anyways. This DNS stuff gives me a headache!

? I'm not familiar with that term.

At 12:58 PM -0500 2/11/2000, David Rice wrote:
>I have an additional question.
>
>If I were to register a domain and point the domain to our dns server,
>this should work?
>
>For example if I had a domain called auto-logic.net and when registering
>that name at internic with primary dns server as:
>
>ns1.auto-logic.net
>216.95.190.1 (our router address)
>and secondary at:
>ns.uunet.ca
>142.77.1.1
>
>Would this not be the way to make this all work provided that I have a
>dns server with that name and address set up on our network?

Yes, this should work just fine, assuming UUNet agrees to act as your secondary server.
____________________________________________________________________
Chris Buxton cbuxton@menandmice.com
Men & Mice http://www.menandmice.com
Makers of: QuickDNS Pro
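The checks Chris lists above (internal addresses in a zone served to the outside, a CNAME sharing its owner name with other records, in-zone name servers without glue) can be run mechanically before a zone is published from behind a NAT router. The following Python script is an added example, not code from Men & Mice or from QuickDNS Pro. It takes the records from the zone file quoted in the reply as a constructed sample, treats 216.95.190.1 (the router address David gives in his follow-up) as the only address reachable from outside, and shows both the lint and the rewritten "external" record set. The function names and the address map are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

ZONE = "auto-logic.net."

# Constructed sample: the records from the zone file quoted in the reply,
# as (owner, type, rdata). The apex CNAME and the 100.0.0.90 addresses
# are the defects the reply points out, reproduced here on purpose.
RECORDS = [
    (ZONE, "SOA", "ns1.auto-logic.net. doc.autosense.ca. 2000021102 28800 7200 604800 86400"),
    (ZONE, "NS", "ns1.auto-logic.net."),
    (ZONE, "NS", "ns.uunet.ca."),
    (ZONE, "CNAME", "100.0.0.90.auto-logic.net."),
    (ZONE, "MX", "10 mail.auto-logic.net."),
    ("mail.auto-logic.net.", "A", "100.0.0.90"),
    ("ns1.auto-logic.net.", "A", "100.0.0.90"),
    ("www.auto-logic.net.", "A", "100.0.0.90"),
    ("www.auto-logic.net.", "HINFO", "Macintosh Mac OS"),
]

# Assumption: the NAT router's public address from David's follow-up is the
# only address the outside world can reach.
PUBLIC_ADDRS = {"216.95.190.1"}

# Address blocks set aside for private networks (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls in one of the RFC 1918 private blocks."""
    return any(addr in net for net in RFC1918)


def lint_zone(records, zone, public_addrs):
    """Check a zone that will be served to the outside world from behind NAT.

    Returns a list of (owner, message). Flags A records the outside cannot
    reach (RFC 1918 space, or anything other than the public address),
    CNAMEs that share an owner name with other records, and in-zone NS
    targets that lack an A (glue) record.
    """
    findings = []
    types_at = defaultdict(list)
    for owner, rtype, _ in records:
        types_at[owner].append(rtype)

    for owner, rtype, rdata in records:
        if rtype == "A":
            ip = ipaddress.ip_address(rdata)
            if is_rfc1918(ip):
                findings.append((owner, f"A {rdata}: RFC 1918 address, unreachable from outside"))
            elif rdata not in public_addrs:
                findings.append((owner, f"A {rdata}: not the public address, outside clients cannot reach it"))
        elif rtype == "CNAME":
            others = sorted(t for t in types_at[owner] if t != "CNAME")
            if others:
                where = "at the zone apex" if owner == zone else f"at {owner}"
                findings.append((owner, f"CNAME {where} coexists with {others}; a CNAME must be the only record at its name"))
        elif rtype == "NS" and rdata.endswith("." + zone) and "A" not in types_at[rdata]:
            findings.append((owner, f"NS target {rdata} is in-zone but has no A record (glue)"))
    return findings


def external_view(records, address_map):
    """Build the record set to publish outside the NAT: rewrite internal
    addresses to their public counterparts and drop any CNAME that shares
    its owner name with other records (the reply's advice is to remove it)."""
    types_at = defaultdict(list)
    for owner, rtype, _ in records:
        types_at[owner].append(rtype)
    out = []
    for owner, rtype, rdata in records:
        if rtype == "CNAME" and any(t != "CNAME" for t in types_at[owner]):
            continue
        if rtype == "A":
            rdata = address_map.get(rdata, rdata)
        out.append((owner, rtype, rdata))
    return out


def as_master_file(records):
    """Render records in master-file form, one record per line."""
    return "\n".join(f"{o} IN {t} {r}" for o, t, r in records)


if __name__ == "__main__":
    for owner, msg in lint_zone(RECORDS, ZONE, PUBLIC_ADDRS):
        print(f"{owner}: {msg}")
    print()
    print(as_master_file(external_view(RECORDS, {"100.0.0.90": "216.95.190.1"})))
```

Run as-is, the lint reports four findings on the quoted zone (the apex CNAME and the three A records pointing at 100.0.0.90); the rewritten external view passes the same lint clean. The address map is the one NAT translation the router performs, so the same script can be reused for the second domain (autosense.ca) once it is created with the Domain Assistant, as the reply suggests.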


