Re: [LUG] Resolving domain names to local servers

 

On 11 September 2010 19:57, Simon Waters <simon@xxxxxxxxxxxxxx> wrote:
>
> I think there are quite a few routers that will direct the outbound
> traffic back in, in this fashion. Basically if they are proper routers,
> they will spot the outbound packet is destined for an internal IP
> address, and route it inwards. But it does mean the traffic hits the
> router, rather than staying on the internal network.

That does seem the more sensible way to do it. In my case, all LAN
traffic goes via that router anyway so that's not a problem.

> However to not rely on the feature as Rob suggests just create a private
> view of the DNS with the internal IP address of the server for those
> domains.
>
> You can do that with any DNS serving software. BIND 9 is boring and bog
> standard but combines recursive and authoritative DNS in one server,
> which in this specific case is an advantage (usually it is a really bad
> idea, but if you are only serving internal clients it is safe enough to
> combine the roles like this).
>

Am I right in thinking then, that the local DNS server would provide
the authoritative DNS for the servers on the LAN, but the rest of the
internet would still go to my registrar's DNS?

Or would the local DNS provide the authoritative DNS for LAN and the
whole internet, but returning a LAN address or the public IP depending
on where the request came from?

I assume in both cases the local DNS server provides recursive DNS for
all DNS lookups from the LAN.

Someone on the Leicester LUG list pointed me to a "hidden" settings
page on the Belkin control panel: "firewall_spi_h.stm". For some
reason there's no link to this page; as far as I can tell, you can
only access it by typing in the URL. The page contains options for
stateful packet inspection and anti-DoS detection, and disabling this
appears to have solved my original issue, although I'm not entirely
certain whether turning those things off is a good thing or if it's
leaving the router a bit too insecure. There are settings to control
the SPI and anti-DoS, but I don't know what to change.


Chris

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
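
The private DNS view suggested in the quoted text, sketched as a BIND 9 configuration. This is an added example, not part of the original message; the domain, addresses and file paths are assumptions. It shows the arrangement in which the local server answers only LAN clients and the public DNS for the domain is left where it is.

```conf
// Added example, not from the thread. All names and addresses are assumptions:
// LAN 192.168.2.0/24, this DNS server 192.168.2.10, web server 192.168.2.20,
// domain example.org, Debian-style paths.

acl "lan" { 127.0.0.1; 192.168.2.0/24; };

options {
    directory "/var/cache/bind";
    // Answer only on loopback and the LAN interface, never the WAN side.
    listen-on { 127.0.0.1; 192.168.2.10; };
    listen-on-v6 { none; };
    // Refuse queries and recursion from anything outside the LAN, so the
    // box cannot be used as an open resolver.
    allow-query { "lan"; };
    allow-recursion { "lan"; };
    allow-transfer { none; };
};

// Once one view exists, every zone statement must live inside a view.
view "internal" {
    match-clients { "lan"; };
    recursion yes;   // recursive for everything else the LAN looks up

    // Authoritative, LAN-only copy of the domain. It shadows the public
    // zone completely for LAN clients, so every name they need (www, mail,
    // ...) has to be present here too.
    zone "example.org" {
        type master;
        file "/etc/bind/db.example.org.internal";
    };
};

/* /etc/bind/db.example.org.internal (constructed sample data):

$TTL 3600
@    IN SOA ns.example.org. hostmaster.example.org. (
            2010091101 3600 900 604800 3600 )
     IN NS  ns.example.org.
ns   IN A   192.168.2.10
www  IN A   192.168.2.20
*/
```

`named-checkconf` and `named-checkzone example.org /etc/bind/db.example.org.internal` validate the two files before the server is reloaded.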