DNS servers on intranet

Discussion in 'General' started by axel, Jul 13, 2006.

  1. axel

    axel New Member

    Hello,

    I have read lots of threads here but my brain still doesn't want to help me figure out what to do... sorry. :eek:

    So here's the thing:

    I have an Ubuntu 6.06 LAMP server installed as a database server for the intranet in the office. The IP of the server is 192.168.1.200. On that server I will host several websites - customers, emails, contracts and so on; all of the websites are PHP, using MySQL, and they will only be accessible from the intranet.
    Instead of using the standard techniques to host those things, I decided to elevate myself and installed ISPConfig. Worked like a charm.
    My problems started when I wanted to access the websites from my intranet: they cannot be accessed without changing the hosts file on every bloody Windows machine, which is too much...
    I understand that there is a way for those Windows users to access the websites on this server without having that hosts file changed, by me running a DNS server on the local Ubuntu machine and stuff.

    Can some blessed person here tell me how to do this? I'm a complete newbie in DNS and such things but I will try hard to gain some knowledge.

    So to make things clear, here are some parameters:

    - the server's local IP: 192.168.1.200
    - the server name: dbserver
    - the domain I chose during installation, in order to access the local Windows network: cargo
    - there are 24 Windows workstations out there, waiting for me :D

    Thank you very much indeed!

    Sincerely,
    Axel.
     
  2. Ben

    Ben Active Member Moderator

    Well, the question is which DNS server is used at the moment by the clients.

    Because you have to tell them where to look for the DNS name. You insert entries into hosts if you want to ignore the IP that would come from an existing DNS server that's asked by the client, or if the DNS name does not exist on that server.

    If you use your Linux box as DNS as well, then you have two possibilities.
    Either you can "delegate" all zones that you serve with your LAMP box, on the DNS server the clients use at the moment, to your LAMP box. That implies that you are able to make those changes on the current DNS server.

    The second possibility is to make the LAMP machine the primary DNS and the current one the secondary. So in case of a crash on your LAMP machine you have the backup, so that everything else keeps working.
    This solution implies that you forward all DNS requests that cannot be served by your LAMP machine (actually ALL DNS names except the ones you host on your box) to another DNS server, in this case the one the clients use at the moment.

    hth Ben
     
  3. axel

    axel New Member

    You hit me

    My friend, you just hit me with this.
    Maybe at your level of expertise there is more than one question, but in my case the question is: how to do the bloody thing? :confused:

    So if you don't mind, please assume that I'm stupid and explain the thing in a little more detail... if I'm not asking too much. :eek:

    Thank you indeed!
     
  4. Ben

    Ben Active Member Moderator

    No prob ;)

    Some info first. Load balancing / redundancy with DNS is solved on the client. That means if a client does not reach a DNS server (that only means cannot connect, not cannot look up a DNS name / reverse!) it tries the next one from its list.

    So what you could do is enter your LAMP box as primary DNS on all clients, and as secondary the Internet DNS (e.g. DSL router etc.).
    So in case your LAMP box crashes the users can still use the rest of the network because their DNS works.

    On your LAMP box you have to configure your DNS / BIND. For that purpose you should also take a look at some BIND books, e.g. from O'Reilly.
    There you should look at how to configure stuff, especially how to forward _all_ zones you do not hold. E.g. a client wants to surf to www.howtoforge.org. That DNS record does not exist on your DNS. So BIND has to know what to do with that request, otherwise it would just return NXDOMAIN and the whole story would end for the client.
    Another possibility is to make your BIND a caching nameserver. That means it just passes all requests to another DNS that knows the rest (e.g. DSL router) and caches the received requests. Also for that purpose you should take a closer look at any BIND literature, e.g. stuff like TTLs (Time To Live: how long a zone record (a domain) / a DNS record itself can be valid until it must be refreshed etc.), configuring forwarders, caching NS.

    What you can start with is a closer look at named.conf; all the "base configuration" is there. For each zone you will find a separate zone file.
    But I actually don't know where you should make your changes to named.conf so as not to (negatively) influence ISPConfig, and also not to have the problem of ISPConfig overwriting all the stuff you did manually...
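    A plain BIND 9 setup of the kind Ben describes (forward every name not held locally to the upstream resolver, serve the "cargo" zone with dbserver at 192.168.1.200), as an added example that is not from the thread, from ISPConfig or from any of the posters; the upstream resolver address 192.168.1.1 and the site names are assumptions. It writes to a scratch directory so the result can be reviewed before anything under /etc/bind is touched.

```shell
# Added example, not from the thread or ISPConfig: write a BIND 9 forwarding
# config plus an authoritative zone for the intranet domain, then validate them.
# From the thread: dbserver is 192.168.1.200, the domain is "cargo".
# Assumptions: the upstream resolver is the office router at 192.168.1.1, the
# site names are placeholders, and files go to $OUT (default /tmp/bind-cargo).
set -eu
DOMAIN=cargo; SERVER=dbserver; SERVER_IP=192.168.1.200
FORWARDER=192.168.1.1; LAN=192.168.1.0/24
SITES="customers emails contracts"
OUT=${OUT:-/tmp/bind-cargo}

write_named_conf() {
    cat > "$OUT/named.conf.local" <<EOF
options {
    directory "/var/cache/bind";
    forwarders { $FORWARDER; };            // every name we do not host goes upstream
    forward only;                          // never try the root servers ourselves
    listen-on { 127.0.0.1; $SERVER_IP; };
    allow-query     { 127.0.0.1; $LAN; };  // LAN only, so this is not an open resolver
    allow-recursion { 127.0.0.1; $LAN; };
};
zone "$DOMAIN" {
    type master;
    file "$OUT/db.$DOMAIN";
    allow-transfer { none; };              // no secondary, so refuse zone transfers
};
EOF
}

write_zone() {
    {
        printf '$TTL 86400\n'
        printf '@ IN SOA %s.%s. hostmaster.%s. ( %s 3600 900 604800 3600 )\n' \
            "$SERVER" "$DOMAIN" "$DOMAIN" "$(date +%Y%m%d01)"
        printf '@ IN NS %s.%s.\n' "$SERVER" "$DOMAIN"
        printf '%s IN A %s\n' "$SERVER" "$SERVER_IP"
        for s in $SITES; do printf '%s IN CNAME %s\n' "$s" "$SERVER"; done
    } > "$OUT/db.$DOMAIN"
}

mkdir -p "$OUT"
write_named_conf
write_zone
# Syntax-check with BIND's own tools when present (package bind9utils on Ubuntu)
if command -v named-checkconf >/dev/null 2>&1; then
    named-checkconf "$OUT/named.conf.local"
    named-checkzone "$DOMAIN" "$OUT/db.$DOMAIN"
fi
```

    Once copied into /etc/bind (with the zone file path adjusted), the clients get 192.168.1.200 as first DNS server and the router as second, exactly as the post above describes. The allow-query / allow-recursion lines matter even on an intranet: without them the box answers recursive lookups for anyone who can reach it.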
     
  5. djtremors

    djtremors New Member

    Your problem is that you need a local LAN NAT to NAT an external address to an internal one for internal workstations. Most routers handle this fine when setting up port forwarding.
    I use IPCop for home and work (ipcop.org) and it works fine with this as well.

    If you are using Linux with custom scripts you need a rule in PREROUTING to DNAT the destination and then a POSTROUTING rule to NAT your internal workstations to the webserver even though they are on the same network, as all internal traffic to the webserver MUST be NATted, otherwise it won't work.

    IPCop also has a DMZ setup if you have 3 network cards ;) that's the better way of doing it.
     
  6. Ben

    Ben Active Member Moderator

    @djtremors: NAT for what? NAT is for the stuff going to the Internet.

    But the rest sounds to me as if he just wants to use his Linux box with ISPConfig as an intranet webserver, which to me implies using private addresses, so no NAT is needed.

    NAT also won't help with the DNS lookup.

    @Axel: After taking a closer look at the ISPConfig configuration of BIND (I switched it off on my box because I'm not using my local BIND) it already fits your needs. So it should be OK if you just enter your LAMP box as DNS on your client machines, as all necessary zones (root zone) are configured:
     
    Last edited: Jul 14, 2006
