From 8fc1a0876692c32598f9e5ec6dd5a31b1d648e69 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 22 Mar 2010 19:56:45 -0700
Subject: [PATCH] Expand Split DNS Article

---
 docs/SplitDNS.xml | 105 ++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 88 insertions(+), 17 deletions(-)

diff --git a/docs/SplitDNS.xml b/docs/SplitDNS.xml
index 91228aa4e..062824992 100644
--- a/docs/SplitDNS.xml
+++ b/docs/SplitDNS.xml
@@ -86,6 +86,46 @@
 
 127.0.0.1       localhost
 
+<emphasis role="bold">172.20.0.1      openvpn.shorewall.net   openvpn
+172.20.0.2      vpn02.shorewall.net     vpn02
+172.20.0.3      vpn03.shorewall.net     vpn03
+172.20.0.4      vpn04.shorewall.net     vpn04
+172.20.0.5      vpn05.shorewall.net     vpn05
+172.20.0.6      vpn06.shorewall.net     vpn06
+172.20.0.7      vpn07.shorewall.net     vpn07
+172.20.0.8      vpn08.shorewall.net     vpn08
+172.20.0.9      vpn09.shorewall.net     vpn09
+172.20.0.10     vpn10.shorewall.net     vpn10
+172.20.0.11     vpn11.shorewall.net     vpn11
+172.20.0.12     vpn12.shorewall.net     vpn12
+172.20.0.13     vpn13.shorewall.net     vpn13
+172.20.0.14     vpn14.shorewall.net     vpn14
+172.20.0.15     vpn15.shorewall.net     vpn15
+172.20.0.16     vpn16.shorewall.net     vpn16
+
+172.20.1.1      linksys.shorewall.net   linksys
+172.20.1.100    hp8500.shorewall.net    hp8500
+172.20.1.102    ursa.shorewall.net      ursa
+172.20.1.105    tarry.shorewall.net     tarry
+172.20.1.107    teastep.shorewall.net   teastep
+172.20.1.109    hpmini.shorewall.net    hpmini
+
+172.20.1.130    lanursa.shorewall.net   lanursa
+172.20.1.131    wookie.shorewall.net    wookie
+172.20.1.132    tipper.shorewall.net    tipper
+172.20.1.133    nasty.shorewall.net     nasty
+172.20.1.134    ursadog.shorewall.net   ursadog
+172.20.1.135    opensuse.shorewall.net  opensuse
+172.20.1.136    centos.shorewall.net    centos
+172.20.1.137    fedora.shorewall.net    fedora
+172.20.1.138    debian.shorewall.net    debian
+172.20.1.139    archlinux.shorewall.net archlinux
+172.20.1.140    foobar.shorewall.net    foobar
+172.20.1.141    deblap.shorewall.net    deblap
+172.20.1.254    firewall.shorewall.net  firewall
+
+206.124.146.254 blarg.shorewall.net     blarg
+</emphasis>
 # special IPv6 addresses
 ::1             localhost ipv6-localhost ipv6-loopback
 
@@ -95,24 +135,18 @@ ff00::0         ipv6-mcastprefix
 ff02::1         ipv6-allnodes
 ff02::2         ipv6-allrouters
 ff02::3         ipv6-allhosts
-127.0.0.2       ursa.shorewall.net ursa
-<emphasis role="bold">172.20.1.1      linksys.shorewall.net     linksys
-192.168.0.1     opensuse.shorewall.net    opensuse
-192.168.0.2     debian.shorewall.net      debian
-192.168.0.3     ubuntu.shorewall.net      ubuntu
-192.168.0.4     fedora.shoreawll.net      fedora
-192.168.0.5     opensuse11.shorewall.net  opensuse11
-192.168.0.6     centos.shorewall.net      centos
-192.168.0.7     debian32.shorewall.net    debian32
-192.168.0.8     fedora9.shorewall.net     fedora9</emphasis>
-206.124.146.254 blarg.shorewall.net       blarg
+
+<emphasis role="bold">2002:ce7c:92b4::1       gateway6.shorewall.net  gateway6
+2002:ce7c:92b4:1::2     mail6.shorewall.net     mail6
+2002:ce7c:92b4:1::2     lists6.shorewall.net    lists6
+2002:ce7c:92b4:2::2     server6.shorewall.net   server6</emphasis>
+
 </programlisting></para>
       </listitem>
 
       <listitem>
-        <para>Configure your local network hosts to use the firewall/router as
-        their DNS server. If your local hosts are configured using DHCP, that
-        is a simple one-line change to the DHCP configuration.</para>
+        <para> If your local hosts are configured using DHCP, that is a simple
+        one-line change to the DHCP configuration.</para>
       </listitem>
     </orderedlist>
 
@@ -128,8 +162,45 @@ ff02::3         ipv6-allhosts
 linksys.shorewall.net has address 206.124.146.180
 gateway:~ # </programlisting></para>
 
-    <para>From ubuntu (192.168.0.3):<programlisting>teastep@ubuntu:~$ host linksys
+    <para>From Tipper (192.168.1.132):<programlisting>teastep@tipper:~$ host linksys
 linksys.shorewall.net has address 172.20.1.1
-teastep@ubuntu:~$ </programlisting></para>
+teastep@tipper:~$ </programlisting></para>
+
+    <para>As a bonus, dnsmasq can also act as a DHCP server. Here are some
+    exerpts from the corresponding /etc/dnsmasq.conf:</para>
+
+    <programlisting>interface=eth1
+
+dhcp-range=172.20.1.210,172.20.1.219,24h
+
+dhcp-host=00:11:85:89:da:9b,172.20.1.220
+
+dhcp-host=00:1A:73:DB:8C:35,172.20.1.102
+dhcp-host=00:25:B3:9F:5B:FD,172.20.1.100
+dhcp-host=00:1F:E1:07:53:CA,172.20.1.105
+dhcp-host=00:1F:29:7B:04:04,172.20.1.107
+dhcp-host=00:24:2b:59:96:e2,172.20.1.109
+
+dhcp-host=00:1B:24:CB:2B:CC,172.20.1.130
+dhcp-host=00:21:5a:22:ac:e0,172.20.1.131
+dhcp-host=08:00:27:B1:46:a9,172.20.1.132
+dhcp-host=08:00:27:31:45:83,172.20.1.133
+dhcp-host=08:00:27:28:64:50,172.20.1.134
+dhcp-host=08:00:27:4b:38:88,172.20.1.135
+dhcp-host=08:00:27:f6:4d:65,172.20.1.136
+dhcp-host=08:00:27:dc:cd:94,172.20.1.137
+dhcp-host=08:00:27:0f:d3:8f,172.20.1.138
+dhcp-host=08:00:27:42:9c:01,172.20.1.139
+dhcp-host=08:00:27:5a:6c:d8,172.20.1.140
+dhcp-host=08:00:27:da:96:78,172.20.1.141
+
+dhcp-option=19,0           # option ip-forwarding off
+dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
+dhcp-option=45,0.0.0.0     # netbios datagram distribution server
+dhcp-option=46,8           # netbios node type
+dhcp-option=47             # empty netbios scope.
+
+dhcp-option=option:domain-search,shorewall.net
+</programlisting>
   </section>
-</article>
\ No newline at end of file
+</article>