Hostnames on an internal subnet that also resolve in public DNS

Ken Lyons - Graphix Wizard/Data-Forms KenL at GraphixWizard.com
Wed Feb 11 09:59:39 EST 2009 

I don't know of anyway Mara can do that...
This feature is often asked for, but I don't know of any workaround 
without changing the code or donating to Sam (best approach).
== As before I use two dns copies in that instance.

Mara by default is both authoritive and recursive..
if   domain.com  is listed,  mara assumes that it will have all records 
for that domain and all subdomains.
So if a  certain subdomain doesn't exists it's going to return a  Serv 
Fail instead of passing it on to the upstream DNS.
If the domain isn't in mara it will gladly resolve it using the upstream 
DNS.
?? (Delegate specific subdomains to another DNS?)

Maybe Sam knows if there is a  switch that could have Mara change from  
ServFail ouput  and jump to a recursive request instead...
--giving the results you want. 
       www.domain.com  in mara, resolves,    unknown.domain.com... would 
be ServFailed, but uses upstream to resolve, passing result.
I don't believe there is one, but I don't know everything about mara.


As far as the /etc/hosts.... why not just make a  single hosts file and 
have  each system update using  wget or rsync, etc.
Then it still single management point.

Ken


Tom Harrison wrote:
> Thanks Ken,
>
> Running an additional DNS server is not practical in our environment 
> (which is Amazon EC2) for several reasons.  Amazon EC2 provides their 
> own internal server to resolve their own internal addresses, as well 
> as recursive DNS requests for public addresses from within the cloud.  
> Also our SOA name server for publicly routable names and addresses is 
> hosted elsewhere.
>
> I could accomplish everything I need by updating /etc/hosts on all of 
> the servers, but this is not practical when you have multiple domains 
> and an increasingly large number of servers that come and go. Having a 
> single point of management, MaraDNS, becomes essential.
>
> So maybe my question could be rephrased as follows.  Is it possible to 
> configure MaraDNS to provide the same functionality of /etc/hosts?  
> Specifically:
>
> 1) preferential name resolution to a locally routable address of a 
> some hosts on our domains,
>
> 2) gracefully passes unresolved requests along to the public/recursive 
> DNS server provided by our ISP,
>
> 3) even if some of the addresses are on the same domain as those we 
> manage with MaraDNS.
>
> Thanks all!
>
> Tom
>
> On Feb 10, 2009, at 8:23 AM, Ken Lyons - Graphix Wizard/Data-Forms wrote:
>
>> I just run two DNS servers, (two running copies of maradns), one for 
>> public and one private resolving.
>> I setup the server to have two Internal network addresses, i.e.
>> 10.x.x.10  (53) = public DNS resolv
>> 10.x.x.11 (53) = private DNS resolv
>> And use the firewall to route who gets what...
>> all WAN side request go to public and all LAN side go to private
>> (or just setup local computers to go directly to the private dns 
>> address)
>>
>> Ken Lyons
>>
>>
>>
>> Tom Harrison wrote:
>>>
>>> Hello -- re MaraDNS 1.2.12.08 running on Ubuntu/Debian...
>>>
>>> I need intercommunication of a cluster of servers living in a 
>>> private network (10.x.x.x), but also need to get to the address of 
>>> the hosts via public DNS.  So, for example, web1.example.com might 
>>> resolve to 10.0.0.1, routable only within the subnet, but from an 
>>> external location (our office) would resolve to a publicly routable 
>>> IP like 98.76.544.321.  Within the subnet the servers also need to 
>>> get at public addresses too, like google.com.  I have all of this 
>>> working with the config below.
>>>
>>> However, some of the addresses for our domain are not in the subnet, 
>>> e.g. our office "corp.example.com"; these are public addresses that 
>>> can be resolved by the upstream servers.  Is there a way to 
>>> configure MaraDNS so that a "miss" on a name like "corp.example.dom" 
>>> is passed along thus resolving to its public address?
>>>
>>> mararc:
>>> ipv4_bind_addresses = "10.252.110.37"
>>> chroot_dir = "/etc/maradns"
>>> hide_disclaimer = "YES"
>>> recursive_acl = "10.0.0.0/8"
>>> upstream_servers = {}
>>> upstream_servers["."] = "172.16.0.23"
>>> csv2 = {}
>>> csv2["example.com."] = "db.example.com"
>>>
>>> db.example.com:
>>> master.example.com. 10.252.110.37
>>> web1.example.com. 10.252.46.6
>>>
>>>
>>>
>
>

More information about the list mailing list