Date:      Mon, 06 Jan 2003 15:37:26 -0800
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Peter Much <pmc@citylink.dinoex.sub.org>
Cc:        Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject:   Re: sendmail: how to get the named of FreeBSD4.7 standards compliant?
Message-ID:  <3E1A1336.9F535670@mindspring.com>
References:  <no.id> <20030101181330.C8233@disp.oper.dinoex.org> <3E134659.78028611@mindspring.com> <20030106173652.A495@disp.oper.dinoex.org>

Peter Much wrote:
> ! I have been told that BIND 9 can solve this problem with two
> ! different "views"; however, I do not believe it.  I wrote a
> ! BCP RFC for this, which ended up not getting published, as I
> ! did not push it on the promise that the views would solve the
> ! problem, and arrive much sooner than they did.  I believe it
> ! is still available from:
> !
> ! ftp://ftp.whistle.com/pub/terry/drafts/draft-lambert-dns-split-00.txt
> 
> Yes, this paints my configuration.
> And now I do not think that a "split horizon" configuration could
> solve my problem at all. Because if it could tell me that my
> unqualified hostname does not exist (without querying the outside),
> then it would also tell me that FreeBSD.org does not exist...

That's not entirely true.

The normal way to handle this is to define a domain for your
internal machines, and then make the DNS server authoritative
for it.  The domain most people use for this is "link.local"
or ".local", or "example.com".

It's actually pretty easy to spend the $10/year and register a
real domain for you, and then use that, instead, as the local
domain.

With your local DNS server being authoritative for that domain
(having an SOA record for the domain name), then it can tell
when hosts do or don't exist there.

So if I look up an unqualified "froboz", it's assumed to be in
the local domain because of the DNS suffix every machine is using,
and every machine is using it, either because you told it to, or
because that's what the DHCP server told it to use, when it handed
each machine its IP address.


> So I see only three strategies:
> 1. Keep the internet connection available at anytime.
> 2. Use the BrokenAAAA hack.
> 3. Configure IPv6 in the LAN.

4. Claim "link.local" as your domain name, stuff it into your
DHCP server as the domain name it hands out to machines when it
hands out IP addresses, and then stuff an SOA record for it into
your local DNS server (and an SOA record for 168.192.in-addr.arpa.,
or whatever your local non-routed network addresses are, on the
interior side of your NAT).

This is more a "How Do I Set Up A LAN Inside A NAT?" question,
than it is anything else...

-- Terry
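As an added, constructed example (not part of the thread), this is what strategy 4 looks like in ISC BIND 9 and ISC DHCP: an authoritative forward zone for the LAN suffix, the matching reverse zone for the 192.168/16 block behind the NAT, and the DHCP option that hands the suffix to every client. The zone name lan.example.com, the host names, the file paths and the 192.168.1.x addresses are placeholders; a registered domain is used instead of ".local" because RFC 6762 later reserved .local for Multicast DNS.

```conf
## /etc/namedb/named.conf (BIND 9) -- constructed example, placeholder names
options {
    directory "/etc/namedb";
    // Only the LAN may query; the server still recurses to the Internet
    // for anything it is not authoritative for.
    allow-query     { 127.0.0.1; 192.168.0.0/16; };
    allow-recursion { 127.0.0.1; 192.168.0.0/16; };
};

zone "lan.example.com" {
    type master;
    file "master/lan.example.com";
};

// Reverse zone for the whole RFC 1918 192.168/16 block inside the NAT.
zone "168.192.in-addr.arpa" {
    type master;
    file "master/168.192.in-addr.arpa";
};

## /etc/namedb/master/lan.example.com
$TTL 3600
@       IN  SOA ns1.lan.example.com. hostmaster.lan.example.com. (
                2003010601 ; serial (YYYYMMDDnn)
                3600       ; refresh
                900        ; retry
                604800     ; expire
                300 )      ; negative TTL: how long "froboz does not exist" is cached
        IN  NS  ns1.lan.example.com.
ns1     IN  A   192.168.1.1
froboz  IN  A   192.168.1.10

## /etc/namedb/master/168.192.in-addr.arpa
$TTL 3600
@       IN  SOA ns1.lan.example.com. hostmaster.lan.example.com. (
                2003010601 3600 900 604800 300 )
        IN  NS  ns1.lan.example.com.
1.1     IN  PTR ns1.lan.example.com.      ; 192.168.1.1
10.1    IN  PTR froboz.lan.example.com.   ; 192.168.1.10

## /usr/local/etc/dhcpd.conf (ISC DHCP) -- gives every client the suffix and resolver
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option domain-name "lan.example.com";
    option domain-name-servers 192.168.1.1;
}
```

Because the LAN server holds the SOA for the suffix domain, a lookup for an unqualified name that does not exist gets an authoritative NXDOMAIN locally, with no query to the outside, so it answers immediately even while the uplink is down. Check that clients end up with only that domain in their search list; any extra search domain the server is not authoritative for would still be forwarded upstream.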
