[Cialug] Cialug Digest, Vol 101, Issue 11

kristau kristau at gmail.com
Fri Sep 20 21:42:17 CDT 2013


I'm coming into this late, and I haven't read everything in detail, so I
may be missing something. I'm assuming you are running a DNS server on your
OSX box or some sort of "other" DNS server on the LAN. We will simply call
this the LAN DNS server.

In order for that LAN DNS server to resolve both internal and external
hosts on the moderetnyre.net domain, you need to set it up as if it were
the one and only Start Of Authority (SOA) for that domain. Even though it
really isn't (GoDaddy really is), if it doesn't believe that it is, it will
always look up the real SOA and forward the lookups there.

In short, you are setting up your LAN DNS to be the SOA for that domain --
just as if you were setting up your own public DNS server. Once you've done
that, all internal hosts will need to send their DNS requests to your LAN
DNS server which, believing it is the SOA, will use the entries it has to
resolve IPs. You can then set your A records to either internal or external
IPs and they will resolve.

As far as the wild Internets are concerned, however, GoDaddy will continue
to be the SOA for your domain. Setting A records on your GoDaddy DNS for
internal hosts will probably not work, but it may be possible to do that.
Setting A records for internal hosts out on your public-facing (GoDaddy)
DNS is a Bad Idea simply because it exposes information about your internal
network which could be used when trying to attack said network. I know
certain individuals who used to create prank A records to 127.0.0.x/24
addresses to bait script kiddies into attacking themselves. "Hey, this host
is running the same OS and kernel as mine. I'll launch that exploit I
tested last week which crashed my system."


On Sat, Sep 21, 2013 at 2:18 AM, Moder John II Lee <jmoder at me.com> wrote:

> Ok, I think I am missing something very basic here, so please bear with
> me...
>
> What you are saying is without doing a "Split Horizon" DNS on the OSX box
> there is no way for me to ping a box on my local network by hostname?
>
> That just doesn't make sense to me.  The OSX box has an A record for the
> CENTOS1 box, why would godaddy need one for me to ping it on my local
> network?  I understand if I want to reach the box from the outside that
> godaddy would need a record, but shouldn't my local DNS be resolved locally
> when it has the record, and only be forwarded when the record isn't there?
>
>
> John
> -----------------
> John is not in the sudoers file.  This incident will be reported.
>
>
> On Sep 20, 2013, at 8:06 PM, "L. V. Lammert" <lvl at omnitec.net> wrote:
>
> > On Fri, 20 Sep 2013, Moder John II Lee wrote:
> >
> >> I did that on the OSXSLS1 box and it returned:
> >>
> >> OSXSLS1:~ administrator$ dig @10.0.1.2 A Centos1.moderetnyre.net
> >>
> >> ;; QUESTION SECTION:
> >> ;Centos1.moderetnyre.net.    IN      A
> >>
> >> ;; AUTHORITY SECTION:
> >> moderetnyre.net.     3600    IN      SOA     ns75.domaincontrol.com. dns.jomax.net. 2013091200 28800 7200 604800 600
> >>
> > Your authoritative name servers are at godaddy.com (domaincontrol.com), .. to
> > properly resolve centos1, you would have to add an A record at godaddy
> > for the domain.
> >
> >> With that I agree Zach, I have missed something in setting up the
> >> OSXSLS1 DNS responder, but I do not know how to fix it.
> >
> > Your OSX machine is working properly to forward inquiries to the
> > authoritative name server (godaddy), .. the only other option is to run a
> > split horizon DNS server such as dnsmasq, or figure out how to configure
> > such a service on OSX.
> >
> >       Lee
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
>
>



-- 
Tired programmer
Coding late into the night
The core dump follows
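The split-horizon setup kristau describes above, written out as an added example (not configuration from the thread or from either poster). It assumes BIND 9, which is what the OS X Server DNS service runs underneath, on the LAN DNS box at 10.0.1.2; the 10.0.1.0/24 LAN, centos1 at 10.0.1.10, the public web host at 203.0.113.10 and the upstream forwarder 8.8.8.8 are placeholder assumptions. The internal view is a master for moderetnyre.net, so the server answers from its own zone instead of chasing GoDaddy's SOA; the external view carries no copy of the zone, so internal names never leave the LAN.

```conf
// ---- named.conf (added example; addresses other than 10.0.1.2 are assumed) ----
acl "lan" { 10.0.1.0/24; 127.0.0.1; };

options {
    listen-on { 10.0.1.2; 127.0.0.1; };
    allow-recursion { lan; };
    forwarders { 8.8.8.8; };          // upstream resolver for everything we are not master for
};

view "internal" {
    match-clients { lan; };
    recursion yes;
    // Master here = "believes it is the SOA": names in this zone are answered
    // from the file below and are never forwarded, so every internal AND
    // public name under moderetnyre.net must be listed in it.
    zone "moderetnyre.net" {
        type master;
        file "/etc/bind/db.moderetnyre.net.internal";
        allow-transfer { none; };
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    // Deliberately no moderetnyre.net zone: anyone outside the LAN ACL gets
    // REFUSED and keeps resolving the domain via GoDaddy, so the internal
    // records above are not exposed even if this box is ever reachable.
};

// ---- /etc/bind/db.moderetnyre.net.internal (added example) ----
$TTL 3600
$ORIGIN moderetnyre.net.
@        IN SOA   osxsls1.moderetnyre.net. hostmaster.moderetnyre.net. (
                  2013092001 ; serial
                  28800      ; refresh
                  7200       ; retry
                  604800     ; expire
                  600 )      ; negative-cache TTL
         IN NS    osxsls1.moderetnyre.net.
osxsls1  IN A     10.0.1.2       ; the LAN DNS server itself
centos1  IN A     10.0.1.10      ; internal-only host, LAN address (assumed)
www      IN A     203.0.113.10   ; public host: same address the outside world sees (assumed)
```

After `rndc reload`, `dig @10.0.1.2 centos1.moderetnyre.net A` from a LAN host should come back with an ANSWER section and the `aa` flag set, and a query for a name not in the zone should return NXDOMAIN with an SOA naming osxsls1.moderetnyre.net. If the AUTHORITY section still shows ns75.domaincontrol.com, as in John's dig output, the query is still being forwarded and the zone is not loaded in the view that matched the client.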

