[lug] dns for non Internet visible network

D. Stimits stimits at comcast.net
Sat Jan 1 18:18:26 MST 2005


Hugh Brown wrote:
> What's the "best practice" for setting up dns for a group of systems
> that aren't addressable from the Internet?  Do people use .dom endings
> or do they just extend the domains that they own?
> 
> For example:
> 
> I have a lot of machines at home and I don't want to manage
> the /etc/hosts file (or equivalent on other OSes) on all of them.  I'm
> going to set up dns on one of the boxes and I'm wondering what the
> preferred method is for domain naming esp. since this dns server won't
> be accessible by any Internet hosts.

Just a side note: it is easy to install 2 NICs, and far more secure.
Once you do this, and connect the 2nd NIC via a private switch, one
machine can act as DHCP server (or you can be simple and use static IP),
and then do anything you want, even give it a real domain name on a DNS
server which serves only requests from the interface of the 2nd NIC.
Then set up firewall rules on the public NIC (just in case) that refuse
any traffic at all to/from the first and second NIC. The only machine
needing an /etc/hosts entry is the one connected to the real Internet.
If you are going to do a lot of this kind of work, I think you'll save
yourself trouble in the long run by having a 2nd NIC. If you are using
Fedora/Redhat/KRUD, the master machine simply uses a static IP on the
2nd NIC via /etc/sysconfig/network-scripts/ifcfg-eth1, while the other
machines leave it as DHCP if they want (then your DHCP server only
responds to MAC addresses of the other machines' 2nd NIC). At this point
the software can be transferred directly to the real machines without a
single change, because your internal private network can be modeled to
think it is the real thing.

D. Stimits, stimits AT comcast DOT net
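The layout described in the reply above (static IP on the second NIC, a DHCP server that answers only the listed MAC addresses, a DNS server that listens only on the lab side, and firewall rules that keep the two NICs apart), as an added shell example; it is not part of the original post and is not code from any list member. It assumes eth0 is the public NIC and eth1 the private one, 192.168.100.0/24 as the private subnet, lab.example.com standing in for a domain you actually own, and a constructed two-host inventory with placeholder MAC addresses. The ISC dhcpd, BIND and sysconfig file formats are standard; the firewall rules are printed rather than applied, and the files are written under $ROOT so the result can be previewed in a scratch directory before touching /etc.

```shell
#!/bin/sh
# Added example, not from the original post. Generates the config for the
# two-NIC lab layout. All addresses, names and MACs are placeholders;
# lab.example.com stands in for a domain you own.
# Preview without touching the system:  ROOT=/tmp/preview sh lab-net.sh write
set -e

PUB_IF=eth0                 # NIC on the real Internet
LAB_IF=eth1                 # NIC on the private switch
LAB_IP=192.168.100.1        # static address of the master on the lab NIC
LAB_NET=192.168.100.0/24
LAB_DOMAIN=lab.example.com
# constructed inventory: hostname, MAC of that machine's lab NIC, fixed address
LAB_HOSTS="node1 00:16:3e:00:00:11 192.168.100.11
node2 00:16:3e:00:00:12 192.168.100.12"

# Static IP on the lab NIC in Fedora/Red Hat sysconfig style; eth0 is untouched.
ifcfg_lab() {
    cat <<EOF
DEVICE=$LAB_IF
BOOTPROTO=static
ONBOOT=yes
IPADDR=$LAB_IP
NETMASK=255.255.255.0
EOF
}

# ISC dhcpd: answer only the MACs in the inventory (deny unknown-clients) and
# hand out our own DNS server. No "option routers" is given on purpose, so lab
# hosts are never told a way off the private switch.
dhcpd_conf() {
    cat <<EOF
subnet ${LAB_NET%/*} netmask 255.255.255.0 {
    option domain-name "$LAB_DOMAIN";
    option domain-name-servers $LAB_IP;
    deny unknown-clients;
EOF
    printf '%s\n' "$LAB_HOSTS" | while read -r name mac ip; do
        printf '    host %s { hardware ethernet %s; fixed-address %s; }\n' "$name" "$mac" "$ip"
    done
    echo '}'
}

# BIND: bind to loopback and the lab address only, and refuse queries and
# recursion from anything that is not on the lab subnet.
named_conf() {
    cat <<EOF
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; $LAB_IP; };
    allow-query { 127.0.0.1; $LAB_NET; };
    allow-recursion { 127.0.0.1; $LAB_NET; };
};
zone "$LAB_DOMAIN" IN {
    type master;
    file "$LAB_DOMAIN.zone";
};
EOF
}

# Zone for the "real" domain name, with one A record per inventory host.
zone_file() {
    cat <<EOF
\$TTL 3600
@    IN SOA ns1.$LAB_DOMAIN. hostmaster.$LAB_DOMAIN. ( 2005010101 3600 900 604800 3600 )
     IN NS  ns1.$LAB_DOMAIN.
ns1  IN A   $LAB_IP
EOF
    printf '%s\n' "$LAB_HOSTS" | while read -r name mac ip; do
        printf '%-4s IN A   %s\n' "$name" "$ip"
    done
}

# Firewall on the public side: never forward between the two NICs, and never
# accept DNS or DHCP on the Internet-facing NIC. Printed only; run as root to apply.
firewall_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=0
iptables -P FORWARD DROP
iptables -A FORWARD -i $PUB_IF -o $LAB_IF -j DROP
iptables -A FORWARD -i $LAB_IF -o $PUB_IF -j DROP
iptables -A INPUT -i $PUB_IF -p udp --dport 53 -j DROP
iptables -A INPUT -i $PUB_IF -p tcp --dport 53 -j DROP
iptables -A INPUT -i $PUB_IF -p udp --dport 67 -j DROP
EOF
}

# Write every file under $1 (empty string means the live system).
write_configs() {
    root=${1:-}
    mkdir -p "$root/etc/sysconfig/network-scripts" "$root/var/named"
    ifcfg_lab  > "$root/etc/sysconfig/network-scripts/ifcfg-$LAB_IF"
    dhcpd_conf > "$root/etc/dhcpd.conf"
    named_conf > "$root/etc/named.conf"
    zone_file  > "$root/var/named/$LAB_DOMAIN.zone"
    # tell the dhcpd init script to listen on the lab NIC only
    echo "DHCPDARGS=$LAB_IF" > "$root/etc/sysconfig/dhcpd"
}

if [ "${1:-}" = write ]; then write_configs "${ROOT:-}"; fi
```

The two controls that carry the security point are `deny unknown-clients` with explicit `host` entries (so a stray box plugged into the switch gets no lease) and the `listen-on`/`allow-query` ACLs plus the DROP rules on eth0 (so the lab DNS and DHCP never answer on the Internet side, and nothing is forwarded between the NICs). Review the generated files in the preview directory, then run `firewall_rules | sh` as root and copy the files into place.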
