Page 181 - DCAP106_OPERATING_SYSTEM_TOOLS
Operating System Tools
What do the PCs on your home network need to see? They need DNS answers that carry the
real IP address of the Web server, 192.168.1.100, because NAT on a typical home router does
not work properly when a PC on the home network tries to reach the server through its
external NAT address, 97.158.253.26. BIND handles this with its views feature, which lets you
serve different, predefined zone files to queries arriving from different subnets: one set of
zone files for queries from the Internet and another set for queries from your home network.
Here is a summary of how it is done:
1. If your DNS server also acts as a caching DNS server, you will need a view for the
localhost to use as well. We will call this view localhost_resolver.
2. Place your zone statements in the /etc/named.conf file in one of two other view sections.
The first view, called internal, lists the zone files to be used by your internal network.
The second view, called external, lists the zone files to be used by Internet users.
Example: you could reference a zone file called my-site.zone for lookups on the
97.158.253.X network, which Internet users would see. This /etc/named.conf entry would
go in the external section. You could also have a file called my-site-home.zone for lookups
by home users on the 192.168.1.0 network; this entry would go in the internal section.
Creating the my-site-home.zone file is straightforward: copy my-site.zone and replace every
reference to 97.158.253.X with the corresponding 192.168.1.X address.
3. You must also tell the DNS server which addresses you consider internal and which
external. To do this, first describe the internal and external networks with access control
lists (ACLs), then refer to those lists in the respective view section with the match-clients
statement. Some built-in ACLs can save you time:
• localhost: the DNS server itself.
• localnets: all the networks to which the DNS server is directly connected.
• any: every address.
Let's look at BIND views more closely using sample configuration snippets from the
/etc/named.conf file used for our home network. All the statements below were inserted
after the options and controls sections of the file. We have chosen the generic names
internal, for the view given to trusted hosts (home, non-Internet or corporate users), and
external, for the view given to Internet clients, but the views can be named whatever you
wish.
First, let's cover how to refer to the zone files in each view.
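The three steps above, carried through end to end, as an added example rather than code from the textbook: it derives my-site-home.zone from my-site.zone, checks that each file only carries the addresses its own audience should see, and emits the acl and view sections for named.conf in the order BIND needs them. The zone and file names and the two address ranges are the text's; the "trusted" acl name, the explicit public-to-private address map (26 becomes 100, matching the 192.168.1.100 server above, so a blind third-octet rewrite would not do), the recursion settings, the sample zone records and the root-hints file name are assumptions.

```python
"""Split-horizon DNS with BIND views (added example, not the textbook's code):
derive the internal zone file from the Internet-facing one, check that neither
file leaks the other side's addresses, and emit the acl/view sections.
"""
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Public (NAT) address -> real address on the home LAN.  An explicit map is
# safer than rewriting the third octet blindly: every public address must be
# accounted for, and the mapping need not keep the last octet (26 -> 100).
# Assumed values, chosen to match the text's 97.158.253.26 / 192.168.1.100.
ADDRESS_MAP = {"97.158.253.26": "192.168.1.100"}
PUBLIC_PREFIX, PRIVATE_PREFIX = "97.158.253.", "192.168.1."

# Constructed sample of my-site.zone, the file Internet clients are served from.
MY_SITE_ZONE = """\
$TTL 3D
@       IN SOA  ns1.my-web-site.org. hostmaster.my-web-site.org. (
                2024010101 3H 15M 1W 1D )
        IN NS   ns1.my-web-site.org.
        IN MX   10 mail.my-web-site.org.
ns1     IN A    97.158.253.26
www     IN A    97.158.253.26
mail    IN A    97.158.253.26
"""


def make_home_zone(public_zone, address_map=ADDRESS_MAP):
    """Step 2: copy my-site.zone and swap public addresses for private ones.
    Raises if a public address has no LAN counterpart, so an unmapped host
    cannot silently keep its NAT address in the internal view."""
    def swap(match):
        addr = match.group(0)
        if addr.startswith(PUBLIC_PREFIX):
            if addr not in address_map:
                raise ValueError(f"no internal address mapped for {addr}")
            return address_map[addr]
        return addr
    return IPV4.sub(swap, public_zone)


def leaked_addresses(zone_text, forbidden_prefix):
    """Addresses in zone_text that belong to the wrong side of the split."""
    return sorted({a for a in IPV4.findall(zone_text)
                   if a.startswith(forbidden_prefix)})


def zone_stanza(zone_file):
    # The per-zone statement the text shows; only the file name differs per view.
    return (f'    zone "my-web-site.org" {{\n'
            f'        type master;\n'
            f'        notify no;\n'
            f'        allow-query {{ any; }};\n'
            f'        file "{zone_file}";\n'
            f'    }};\n')


def render_views():
    """Step 3: the acl and the three views, in the order BIND must see them.
    BIND hands a query to the FIRST view whose match-clients matches, so the
    catch-all external view (match-clients { any; }) has to come last, and
    only the trusted views recurse: an external view that recursed for "any"
    would be an open resolver."""
    return (
        'acl "trusted" { 192.168.1.0/24; localhost; localnets; };\n\n'
        'view "localhost_resolver" {\n'
        '    match-clients { localhost; };\n'
        '    recursion yes;\n'
        '    zone "." { type hint; file "named.ca"; };  # assumed hints file name\n'
        '};\n\n'
        'view "internal" {\n'
        '    match-clients { trusted; };\n'
        '    recursion yes;\n'
        + zone_stanza("my-site-home.zone") +
        '};\n\n'
        'view "external" {\n'
        '    match-clients { any; };\n'
        '    recursion no;\n'
        + zone_stanza("my-site.zone") +
        '};\n'
    )


def views_in_safe_order(conf):
    """True when the catch-all external view is declared after the others
    and the localhost view precedes the internal one."""
    order = [m.group(1) for m in re.finditer(r'^view "([^"]+)"', conf, re.M)]
    return (order[-1] == "external"
            and order.index("localhost_resolver") < order.index("internal"))


if __name__ == "__main__":
    home_zone = make_home_zone(MY_SITE_ZONE)
    assert not leaked_addresses(MY_SITE_ZONE, PRIVATE_PREFIX), "external zone leaks LAN addresses"
    assert not leaked_addresses(home_zone, PUBLIC_PREFIX), "internal zone still has NAT addresses"
    assert views_in_safe_order(render_views())
    print(home_zone)
    print(render_views())
```

Run it and paste the emitted text into /etc/named.conf after the options and controls sections, then write home_zone out as my-site-home.zone beside my-site.zone; the two leak checks are worth keeping in whatever script regenerates the files, since a stray private address in the external zone is exactly the kind of mistake views are meant to prevent.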
Forward Zone File References in named.conf
Here is how forward zone files are referenced in a typical named.conf file.
Example: in this example the zone file is named my-site.zone. Although the statement does
not say so explicitly, my-site.zone is expected in the default directory: /var/named/chroot/
var/named in a chroot configuration, or /var/named in a regular one. On Debian / Ubuntu, the
full path to the file must be given instead. The zone statement looks like this:
zone "my-web-site.org" {
    type master;
    notify no;
    allow-query { any; };
    file "my-site.zone";
};