diff --git a/docs/SplitDNS.xml b/docs/SplitDNS.xml new file mode 100644 index 000000000..d665a7251 --- /dev/null +++ b/docs/SplitDNS.xml @@ -0,0 +1,122 @@ + + +
+ + + + Simple way to set up Split DNS + + + + Tom + + Eastep + + + + + + + 2008 + + Thomas M. Eastep + + + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU Free Documentation License, Version + 1.2 or any later version published by the Free Software Foundation; with + no Invariant Sections, with no Front-Cover, and with no Back-Cover + Texts. A copy of the license is included in the section entitled + GNU Free Documentation + License. + + + +
+ What is Split DNS + + Split DNS is simply a configuration in which + the IP address to which a DNS name resolves is dependent on where the + client is. It is most often used in a NAT environment to insure that + lodcal clients resolve server names to their local RFC 1918 addresses + while external clients resolve the same server names to their public + counterparts. +
+ +
+ Why would I want to use Split DNS? + + See Shorewall FAQ 2. +
+ +
+ Setting up Split DNS + + Setting up Split DNS is extremely simple: + + + + Be sure that your firewall/router can resolve external DNS + names. + + + + Install the dnsmasq package and + arrange for it to start at boot time. + + + + Add your local hosts to /etc/hosts on the + firewall/router using their local RFC 1918 addresses. Here's an + example:# +# hosts This file describes a number of hostname-to-address +# mappings for the TCP/IP subsystem. It is mostly +# used at boot time, when no name servers are running. +# On small systems, this file can be used instead of a +# "named" name server. +# Syntax: +# +# IP-Address Full-Qualified-Hostname Short-Hostname +# + +127.0.0.1 localhost + +# special IPv6 addresses +::1 localhost ipv6-localhost ipv6-loopback + +fe00::0 ipv6-localnet + +ff00::0 ipv6-mcastprefix +ff02::1 ipv6-allnodes +ff02::2 ipv6-allrouters +ff02::3 ipv6-allhosts +127.0.0.2 ursa.shorewall.net ursa +172.20.1.1 linksys.shorewall.net linksys +192.168.0.1 opensuse.shorewall.net opensuse +192.168.0.2 debian.shorewall.net debian +192.168.0.3 ubuntu.shorewall.net ubuntu +192.168.0.4 fedora.shoreawll.net fedora +192.168.0.5 opensuse11.shorewall.net opensuse11 +192.168.0.6 centos.shorewall.net centos +192.168.0.7 debian32.shorewall.net debian32 +192.168.0.8 fedora9.shorewall.net fedora9 +206.124.146.254 blarg.shorewall.net blarg + + + + + Configure your local network hosts to use the firewall/router as + their DNS server. If your local hosts are configured using DHCP, that + is a simple one-line change to the DHCP configuration. + + + + And that's it! Your local clients + will resolve those names in the firewall/router's + /etc/hosts file as defined in that file. All other + names will be resolved using the firewall/router's Name Server as defined + in /etc/resolv.conf. +
+
\ No newline at end of file
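Review bot: in the /etc/hosts example under "Setting up Split DNS", the entry `192.168.0.4 fedora.shoreawll.net fedora` misspells the domain, so local clients would get an answer for the short name but not for fedora.shorewall.net; it should read `fedora.shorewall.net`. The same example maps the firewall's own name to loopback (`127.0.0.2 ursa.shorewall.net ursa`), and since dnsmasq answers from this file, local clients asking for ursa.shorewall.net would be handed 127.0.0.2; consider using the firewall's internal RFC 1918 address in the example, or noting the caveat. The steps also never say that the firewall must accept DNS queries from the local network, or that dnsmasq should be reachable only from the internal side, which is worth one more list item. Smaller points: "lodcal clients" in the "What is Split DNS" paragraph should be "local clients", "insure" there reads better as "ensure", and the file ends without a trailing newline.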