[Leaplist] DNS intranet advice

John Simpson jms1 at jms1.net
Mon Nov 10 14:19:28 EST 2008



On 2008-11-08, at 2141, Dan Cherry wrote:
>
> I'm using bind9, and currently everything is working with 2 local zones.
>
> One called local., the other 1.168.192.in-addr.arpa
>
> Everything seems to be working okay (with the known exception of avahi, which
> seems to choke on .local)
>
> I'm about to change .local to something like .internal, .int, .home, or
> whatever.  But is there any advantage to using any particular name (remember
> this is internal behind a Linksys router)?  Or for that matter using two
> names such as 'myhome.internal'?

my experience is that using "local." can interfere with other "automatic"
things, like the zeroconf/bonjour/whatever-the-hell-they-call-it-this-week
networking that apple likes to use.

i've also found that, when setting up a corporate client with an "active
directory", things go much more smoothly if their AD domain name is NOT a name
which actually exists in the real world. for example, if i'm setting up a
client called "XYZ", i would make their AD domain name "xyz.internal." rather
than their real public "xyz.com." domain, used by the outside world to reach
their web site and send them email. (this, of course, was after the client had
built their own AD controller using "xyz.com.", and then couldn't understand
why a contractor they hired to re-write their web site, who set up a test web
server inside the network with the local machine name "www", had essentially
taken down their public web site, hosted with an outside hosting company...)


> It appears that I'll only need to change the names of .local in the two zones,
> and everything else should remain the same.
>
> Then a change to host names, mail configs, etc. should complete the task.
>
> Any advice, or anything I'm missing?

without seeing the actual configs i can't say for sure, but at first glance it
sounds sane.


> (Also, John, I'll consider trying djbdns, but if I switch, I'll have to start
> from scratch - vs. making two fairly simple changes to two files I'm already
> familiar with - so I'll need to find some decent tutorials.)

or come to an installfest and i'll help you with it. it's different, but it's
not too hard to get used to, and once you are used to it, it's very easy.

i haven't written any "tutorials" on djbdns. most of what's on my web site
about it revolves around some patches i wrote for it. i'm sure there are
tutorials out there, but you need to realize that a lot of people are out there
writing web pages without really understanding what they're writing about.
qmailrocks.org is a good example of this: the same guy has "djbdnsrocks.org",
and while i haven't gone through it with a fine-toothed comb, i would be very
surprised if it's any better than qmailrocks is. (and qmailrocks, to put it
bluntly, is a steaming pile.)


--------------------------------------------------------
| John M. Simpson  --  KG4ZOW  --  Programmer At Large |
| http://www.jms1.net/                 <jms1 at jms1.net> |
--------------------------------------------------------
|   Hope for America  --  http://www.ronpaul2008.com/  |
--------------------------------------------------------
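As an added example (not part of John's post, and not from bind9 or djbdns): a small Python check that applies the two pitfalls above, the mDNS clash with `local.` and an internal zone whose apex shadows a name that exists in public DNS, to a candidate zone name. The `publicly_exists` table is constructed for offline use; a real deployment would replace it with a live lookup.

```python
import re

# RFC 6762 reserves "local." for multicast DNS; this is the avahi/Bonjour
# conflict described in the thread.
MDNS_RESERVED_TLDS = {"local"}

# Constructed stand-in for "is this name delegated in the public DNS?".
# "int" and "com" stand for real public TLDs, "xyz.com" for the client's
# public domain in the story.  Replace with a live lookup in practice.
CONSTRUCTED_PUBLIC_NAMES = {"int", "com", "xyz.com"}

# One DNS hostname label: letters, digits, hyphens, no leading/trailing hyphen.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def publicly_exists(name):
    """Offline lookup against the constructed table above (hypothetical)."""
    return name.rstrip(".").lower() in CONSTRUCTED_PUBLIC_NAMES


def check_zone_name(zone, exists=publicly_exists):
    """Return a list of warnings for a proposed internal zone apex.

    `zone` is the apex, e.g. "home.internal." or "xyz.com"; `exists(name)`
    reports whether `name` is present in the public DNS.
    """
    labels = zone.rstrip(".").lower().split(".")
    warnings = []
    if not all(LABEL_RE.fullmatch(lbl) for lbl in labels):
        warnings.append(f"'{zone}': malformed hostname label")
        return warnings
    tld, apex = labels[-1], ".".join(labels)
    if tld in MDNS_RESERVED_TLDS:
        warnings.append(f"'{apex}.': 'local.' is reserved for mDNS (RFC 6762); "
                        "avahi/Bonjour will conflict with unicast DNS")
    elif exists(apex):
        # The "xyz.com" case: the inside resolver answers for the whole zone,
        # so an internal host named "www" replaces the public web server.
        warnings.append(f"'{apex}.' exists in public DNS; internal records will "
                        "shadow the public ones for every host on the LAN")
    elif exists(tld):
        # ".int" is a real TLD: the apex is unused today but sits in a
        # registry someone else controls, so a later registration collides.
        warnings.append(f"'.{tld}' is a public TLD; '{apex}' is not yours to control")
    return warnings
```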





