[lug] DNS configuration question
Jonathan Briggs
zlynx at acm.org
Mon Dec 3 15:57:09 MST 2001
Elyse Grasso wrote:
>I want to set up the mail/web server machine as a dns server that the
>machines on the internal network can use to locate and identify each other. I
>assume that the best thing to do is to set up the server as their primary dns
>and our ISP's nameservers as secondary and tertiary (to give them access to
>the rest of the web).
>
Do not set the ISP nameservers as secondary and tertiary. Instead, use
your internal DNS server as your only server and set your internal DNS
server to forward requests to your ISP nameservers. You want to do this
because the ISP nameservers are likely to return "no address" for
reverse lookups for any IP in the private IP space, such as 192.168.0.0,
10.0.0.0, etc. If the client gets a "no address" response from any
nameserver, it will return an error immediately. This means that if
your internal DNS server gets slowed down and the ISP answers first, the
name will not be resolved by the client.

I have another comment to make. Be sure to install a secondary DNS
server on your network. If you ever have to take the primary server
down for maintenance or, heaven forbid, it crashes or the network card
locks up, your users who've become used to the internal names will yell
and scream. A second name server prevents this.

I've done both of these things wrong in the past, so I'm telling you
from experience here. :-)
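
The failure mode described in the reply above, as an added example that is not part of the original post: a simplified model of a client resolver that walks its nameserver list in order and treats any answer, including "no address", as final. The zone names, addresses and function names are constructed for illustration, and the in-order failover behaviour is an assumption of the model.

```python
TIMEOUT, NXDOMAIN = "timeout", "no address"

# Constructed sample data: names and addresses are placeholders.
INTERNAL_ZONE = {
    "fileserver.lan.example": "192.168.0.10",
    "10.0.168.192.in-addr.arpa": "fileserver.lan.example",  # reverse (PTR) entry
}
PUBLIC_ZONE = {"www.example.com": "203.0.113.5"}

def isp_server(name):
    """ISP nameserver: knows public names only, answers 'no address' otherwise."""
    return PUBLIC_ZONE.get(name, NXDOMAIN)

def internal_server(up=True):
    """Internal nameserver: serves the local zone, forwards the rest to the ISP."""
    def query(name):
        if not up:
            return TIMEOUT  # slow or down: the client gets no reply in time
        return INTERNAL_ZONE.get(name) or isp_server(name)
    return query

def stub_resolve(name, nameservers):
    """Client side: a timeout moves on to the next server, any answer is final."""
    for query in nameservers:
        reply = query(name)
        if reply != TIMEOUT:
            return reply  # a negative answer also ends the search
    return TIMEOUT

def compare(name, primary_up):
    """Resolve `name` with the mixed list and with the internal-only list."""
    mixed = [internal_server(primary_up), isp_server]
    internal_only = [internal_server(primary_up), internal_server(True)]
    return stub_resolve(name, mixed), stub_resolve(name, internal_only)

if __name__ == "__main__":
    names = ("fileserver.lan.example", "10.0.168.192.in-addr.arpa", "www.example.com")
    for name in names:
        for up in (True, False):
            state = "primary up" if up else "primary down"
            print(f"{name:28} {state:13} mixed/internal-only = {compare(name, up)}")
```

With the primary down, the mixed list returns "no address" for the internal forward and reverse names, while the list of two internal servers still resolves them; public names resolve either way.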