[Leaplist] DNS intranet advice
Bryan J. Smith
b.j.smith at ieee.org
Sat Nov 8 21:57:46 EST 2008
Dan Cherry <dan.s.cherry at gmail.com> wrote:
> One called local., the other 1.168.192.in-addr.arpa
Well, the latter is required per various RFCs (must be
on a perfect A/8, B/16 or C/24 subnet, or so delegated
by common reference above).
> Everything seems to be working okay (with the known
> exception of avahi, which seems to choke on .local)
> I'm about to change .local to something like .internal,
> .int, .home, or whatever. But is there any advantage
> to using any particular name (remember this is internal
> behind a Linksys router)? Or for that matter using two
> names such as 'myhome.internal'?
> It appears that I'll only need to change the names of
> .local in the two zones, and everything else should
> remain the same.
> Then a change to host names, mail configs, etc should
> complete the task.
> Any advice, or anything I'm missing?
Like everything I do, as much as I can make it "real world,"
the fewer issues I have.
E.g., I use one domain (smithconcepts.com) for everything.
I _always_ and I mean _always_ subdomain, _period_. That's
always been my view -- design for growth, and it's easy if
you ever do. If you do not, it's really not much harder
(if any added difficulty at all), and teaches you good
practices.
I've already noted it before, here and elsewhere, so it
does not hurt to say it publicly. I use my location
(e.g., oviedo) as my subdomain, which is also the leaf/simple
domain name of any NIS, legacy NetBIOS/WINS, etc...
I have other, special subdomains as well, e.g.,
- "corp", for the corporate directory/resource tree
- "mobile", for mobile devices
- "public", for the public servers
I really do not like, except as required in A[AAA]/PTR
record by RFC, to use a direct name to TLD. I.e., you will
_never_ see a real A[AAA]/PTR record in my DNS records
that is "(servername).smithconcepts.com.", except as
required by RFC.
You will see CNAME for www.smithconcepts.com to
www.public.smithconcepts.com, etc... (when I used to
maintain public DNS, which I do not anymore). You will
see CNAME for most everything, 1:1, for the top-level
domain-name to "public" or some other sub-domain except,
again, as required by RFC (e.g., MX records).
I find it's just good, flexible practice in general.
Especially for internal networks, where maybe I might
want to redirect the TLD differently than external,
etc..., but still be able to refer to "public" or
something else (various combinations).
> (Also, John, I'll consider trying djbdns, but if I
> switch, I'll have to start from scratch - vs. making
> two fairly simple changes to two files I'm already
> familiar with - so I'll need to find some decent
> tutorials.)
As a long-time BIND weenie (since 1989, original InterNIC
handle ended in "12"), I finally just started using
"dnsmasq" more recently. I'm sold as the master for SOHO,
single subnet/subdomains now. I still need to research
further the security quality on "dnsmasq" before I swear
by it.
Understand I have not been maintaining any serious public
DNS since the mid-'90s (or mail for that matter), hence why
I really haven't done much other than BIND and Sendmail/
Postfix (with some Exim here and there). I really just
don't do much of it at all, so I'm not one to ask.
But for a small network, unless people know of security
issues (again, I'm not one to ask), "dnsmasq" works very
well. I used to maintain some sizeable DNS, but it's been
quite a while since then. So many of my practices are legacy
in the eyes of some.
Just like the dumb stares I get when I mention the
O'Reilly posting guidelines for UseNet. I'm sometimes too
old for my own good with most.
--
Bryan J Smith Professional, Technical Annoyance
b.j.smith at ieee.org http://www.linkedin.com/in/bjsmith
--------------------------------------------------------
I don't have a "favorite Linux distro." I use, develop
and support community efforts, often built around Linux.
Technology and solutions are my focus, not dragging in
assumptions, marketing and other concepts which dominate
non-community developed software, which I left long ago.
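The "always subdomain" convention and the classful reverse-zone point above, as an added example that is not Bryan's code: a small Python linter over a constructed BIND-style zone that flags A/AAAA records at the apex or directly under it (SOA/NS/MX at the apex pass as RFC-required), plus a helper that names the in-addr.arpa zone for a /8, /16 or /24 and returns None for a classless block, which would need an RFC 2317 style delegation instead. The zone contents, the APEX_OK set and the function names are assumptions made for this example.

```python
import ipaddress

# Constructed sample zone (not from the post): the apex keeps only SOA/NS/MX, hosts
# live under "public" and "mobile", and the short name www is a CNAME into "public".
SAMPLE_ZONE = """\
$ORIGIN smithconcepts.com.
@              IN SOA   ns1.public hostmaster 2008110801 3600 900 604800 300
@              IN NS    ns1.public
@              IN MX 10 mail.public
@              IN A     192.168.1.4   ; shortcut: address record at the apex
www            IN CNAME www.public
ns1.public     IN A     192.168.1.2
mail.public    IN A     192.168.1.3
www.public     IN A     192.168.1.4
laptop.mobile  IN A     192.168.1.20
fileserver     IN A     192.168.1.5   ; shortcut: host directly under the apex
"""
APEX_OK = {"SOA", "NS", "MX"}  # types the post accepts at the apex as RFC-required

def lint_zone(text):
    """Flag address records at the apex or only one label below it."""
    origin, findings = None, []
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()  # drop comments and blank lines
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        name, rest = tokens[0], tokens[1:]
        owner = origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")
        while rest[0].isdigit() or rest[0].upper() == "IN":  # skip optional TTL and class
            rest.pop(0)
        rtype = rest[0].upper()
        depth = owner.count(".") - origin.count(".")  # labels below the apex
        if depth == 0 and rtype not in APEX_OK:
            findings.append(f"{rtype} at apex {owner}: only SOA/NS/MX belong there")
        elif depth == 1 and rtype in ("A", "AAAA"):
            findings.append(f"{rtype} for {owner}: move the host into a subdomain, CNAME the short name")
    return findings

def reverse_zone(cidr):
    """in-addr.arpa zone for a classful IPv4 prefix (/8, /16, /24); None means the
    block is classless and needs an RFC 2317 style delegation from its /24."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        return None
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."
```

Running lint_zone on SAMPLE_ZONE reports the two deliberate shortcuts and nothing else; reverse_zone("192.168.1.0/24") gives the 1.168.192.in-addr.arpa zone named in the quoted question.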