Re: DNS question

Jason Corcoran wrote:
> I got myself a broadband connection and have set up a smoothwall 2.0 
> firewall, with a Green Red and Orange(DMZ). Say I have a domain 
> (example.com) can I set the DNS servers for example.com to my smoothwall 
>  Red zone ip and have smoothwall redirect it to a server in my DMZ zone?
> if so is it just a matter of modifying the hosts file on the smooth wall 
> to include to DMZ ip ..
>
> i.e.
> 192.168.1.1    example.com

If the DNS server is in your orange zone, then just add that to your
resolv.conf. (You may want to explicitly add your ISP's DNS here too,
though I think they'll be catered for on connect .. but not 100% sure on
SmoothWall's inners).

The DNS server (assuming BIND) can be set up to use "Views" which will
allow you to serve different IPs for internal queries and external
queries. So www.example.com if queried from outside would return the IP
address of your BB connection, or 192.168.1.1 if queried from your LAN.
Its also useful if you want each machine to have
internal_name.example.com which you probably don't want to make public
in your DNS config. Google/mail me for sample config.

> and do I just the allow port forwarding on the smoothwall to the above 
> ip for the services I want to use ??
Yupe just forward 53 UDP and TCP to the orange zone DNS server IP. Set
the NS records for example.com to have one point to your external IP.

> I think I am over simplifying how this is done. I have goggled and most 
> of the returns are for setting up dynamic dns.
Yup, you're right about that alright!!

So DNS on orange zone .. add the port forwarding for Red>Orange (and
Green>Orange if needed). Strictly speaking you don't need to change your
Smoothie's resolv.conf (unless your LAN clients use it as a DNS server).
Finally look at BIND Views, but that's optional.

.cg



--
Irish Linux Users' Group
http://www.linux.ie/mailman/listinfo/ilug/