[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 11 September 2010 19:57, Simon Waters <simon@xxxxxxxxxxxxxx> wrote: > > I think there are quite a few routers that will direct the outbound > traffic back in, in this fashion. Basically if they are proper routers, > they will spot the outbound packet is destined for an internal IP > address, and route it inwards. But it does mean the traffic hits the > router, rather than staying on the internal network. That does seem the more sensible way to do it. In my case, all LAN traffic goes via that router anyway so that's not a problem. > However to not rely on the feature as Rob suggests just create a private > view of the DNS with the internal IP address of the server for those > domain. > > You can do that with any DNS serving software. BIND 9 is boring and bog > standard but combines recursive and authoritative DNS in one server, > which in this specific case is an advantage (usually it is a really bad > idea, but if you are only serving internal clients it is safe enough to > combine the roles like this). > Am I right in thinking then, that the local DNS server would provide the authoritative DNS for the servers on the LAN, but the rest of the internet would still go to my registrar's DNS? Or would the local DNS provide the authoritative DNS for LAN and the whole internet, but returning a LAN address or the public IP depending on where the request came from? I assume in both cases the local DNS server provides recursive DNS for all DNS lookups from the LAN. Someone on the Leicester LUG list pointed me to a "hidden" settings page on the Belkin control panel: "firewall_spi_h.stm". For some reason there's no link to this page, as far as I can tell, you can only access it by typing in the URL. The page contains options for stateful packet inspection and anti-DoS detection, and disabling this appears to have solved my original issue, although I'm not entirely certain whether turning those things off is a good thing or if it's leaving the router a bit too insecure. There are settings to control the SPI and anti-DoS, but I don't know what to change Chris -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq