  #1  
Old 25th February 2008, 15:11
jas_esp jas_esp is offline
Junior Member
 
Default Public/private DNS server

Hi

We have installed ISPConfig for a small ISP. The DNS server installed on it resolves requests for the domains configured in ISPConfig and for external domains too. Though the ISP has an IP range for its network, we want hosts in its range to be able to resolve any domain, but external hosts (Internet) to resolve only the domains configured in ISPConfig. How could this be done?

Thanks
  #2  
Old 26th February 2008, 00:46
tollan tollan is offline
Junior Member
 
Default Public/Private and SplitDNS

Please point me in a direction, and I'll find a solution. (Which script is for writing named.conf?)
  #3  
Old 26th February 2008, 08:34
till till is offline
Super Moderator
 
Default

If you just want to set some basic named.conf settings, you don't have to change any scripts. Just change the named.conf.master template in /root/ispconfig/isp/conf/
__________________
Till Brehm
--
http://www.projektfarm.com/en/
  #4  
Old 26th February 2008, 15:20
tollan tollan is offline
Junior Member
 
Default

"If you just want to set some basic named.conf settings" if I would like that I wouldn't use ISPConfig.

I need for every new zone (domain) to create "view internals" and "view externals", just help me start, and I'll contribute.

please help and thanks, heeelp me helping you
  #5  
Old 28th February 2008, 19:45
pakogah pakogah is offline
Member
 
Default

Hope this solves your case

http://www.howtoforge.com/two_in_one_dns_bind9_views
  #6  
Old 29th February 2008, 01:03
tollan tollan is offline
Junior Member
 
Default

tnx pakogah...
  #7  
Old 3rd March 2008, 23:37
tollan tollan is offline
Junior Member
 
Default

Till, help me! This doesn't do the job ...

Code:
// ACL name must match the name used in match-clients below
acl "internals" { 192.168.0.0/16; };

options {
        pid-file "/var/lib/named/var/run/named/named.pid";
        directory "{BINDDIR}";
        auth-nxdomain no;
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//

view "internals" {
    match-clients { "internals"; };
    recursion yes;
    allow-recursion { internals; localnets; localhost; };
    allow-query { internals; localnets; localhost; };
    allow-query-cache { internals; localnets; localhost; };

    zone "." {
        type hint;
        file "root.hint";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.zone";
    };

    <!-- BEGIN DYNAMIC BLOCK: named_int -->
    zone "{DOMAIN_INT}" {
        type master;
        file "int.{DOMAIN_INT}";
    };
    <!-- END DYNAMIC BLOCK: named_int -->

};

view "externals" {
    match-clients { "any"; };
    recursion no;

    <!-- BEGIN DYNAMIC BLOCK: named -->
    zone "{DOMAIN}" {
        type master;
        file "pri.{DOMAIN}";
    };
    <!-- END DYNAMIC BLOCK: named -->

    <!-- BEGIN DYNAMIC BLOCK: named_reverse -->
    zone "{ZONE}.in-addr.arpa" {
        type master;
        file "pri.{ZONE}.in-addr.arpa";
    };
    <!-- END DYNAMIC BLOCK: named_reverse -->

    <!-- BEGIN DYNAMIC BLOCK: named_slave -->
    zone "{DOMAIN}" {
        type slave;
        file "sec.{DOMAIN}";
        masters { {MASTERS}; };
    };
    <!-- END DYNAMIC BLOCK: named_slave -->
};
//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////

Last edited by tollan; 4th March 2008 at 02:08.
Reply With Quote
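Added example, not part of the original posts: a small Python check for the view layout in the template above. It flags a `match-clients` reference to an ACL that is never defined, a catch-all view that is not last, and recursion left open to any client, and it shows which view a given client address would land in. The parser only handles the simple layout shown here, the sample config and client addresses are constructed, and `localhost`/`localnets` are not modelled.

```python
import ipaddress
import re

# Constructed sample: the post's view layout, zone blocks omitted.
SAMPLE_CONF = '''
acl "internals" { 192.168.0.0/16; };
view "internals" {
    match-clients { "internals"; };
    recursion yes;
};
view "externals" {
    match-clients { "any"; };
    recursion no;
};
'''
BUILTIN = {"any", "none", "localhost", "localnets"}  # BIND's predefined ACLs

def parse(conf):
    """Return ({acl name: [networks]}, ordered list of views)."""
    acls = {name: [ipaddress.ip_network(n.strip()) for n in body.split(";") if n.strip()]
            for name, body in re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{([^}]*)\}', conf)}
    views = [{"name": name, "recursion": rec == "yes",
              "match": [m.strip().strip('"') for m in match.split(";") if m.strip()]}
             for name, match, rec in re.findall(
                 r'view\s+"([\w-]+)"\s*\{\s*match-clients\s*\{([^}]*)\}\s*;\s*recursion\s+(yes|no)', conf)]
    return acls, views

def lint(conf):
    """List problems that break the internal/external split."""
    acls, views = parse(conf)
    problems = []
    for i, v in enumerate(views):
        for ref in v["match"]:
            if ref not in BUILTIN and ref not in acls:
                problems.append(f'view {v["name"]}: undefined acl "{ref}"')
        if "any" in v["match"]:
            if i != len(views) - 1:
                problems.append(f'view {v["name"]}: catch-all view is not last')
            if v["recursion"]:
                problems.append(f'view {v["name"]}: recursion open to any client')
    return problems

def view_for(conf, client_ip):
    """First matching view wins (localhost/localnets are not modelled here)."""
    acls, views = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for v in views:
        if any(r == "any" or any(ip in net for net in acls.get(r, [])) for r in v["match"]):
            return v["name"], v["recursion"]
    return None
```

Running `lint()` on the generated named.conf after each ISPConfig template change catches a misspelled ACL name before named is restarted.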
  #8  
Old 4th March 2008, 01:49
tollan tollan is offline
Junior Member
 
Default FINALLY !!! And someone check this please ...

ok, this is my HOW TO SPLIT DNS, I did get results

1. named.conf.master -> modify as I did above

2. root/ispconfig/scripts/lib/classes/ispconfig_bind.lib.php -> modify/add next lines

...
$mod->tpl->define_dynamic( "named", "table" );
$mod->tpl->define_dynamic( "named_int", "table" );
$mod->tpl->define_dynamic( "named_slave", "table" );
...

...
if($domain != ""){
    // Assign variables
    $mod->tpl->assign( array( 'DOMAIN' => $domain));
    $mod->tpl->parse('NAMED',".named");
    // Fill the named_int block of the template with the same domain
    $mod->tpl->assign( array( 'DOMAIN_INT' => $domain));
    $mod->tpl->parse('NAMED_INT',".named_int");
}
...


...
$mod->file->wf($bind_file, $zonefile_text);
$mod->file->add_trailing_newline($bind_file);

// Write the zone a second time as int.<zone>, with the address replaced
$bind_int = $mod->system->server_conf["server_bind_zonefile_dir"]."/int.".$dns["dns_soa"];
$intzone_text = str_replace("195.152.62.2", "192.168.0.9", $zonefile_text);
$mod->file->wf($bind_int, $intzone_text);
$mod->file->add_trailing_newline($bind_int);


$bind_restart = 1;
} else {
...

...
// "int." is added next to "pri." and "sec." in both branches
if(substr($file,-1) == '~'){
    if(!$mod->system->grep($named_conf_content, substr($file,0,strlen($file)-1), 'w') && (substr($file,0,4) == "pri." || substr($file,0,4) == "sec." || substr($file,0,4) == "int.")) $files[] = $dir.$file;
} else {
    if(!$mod->system->grep($named_conf_content, $file, 'w') && (substr($file,0,4) == "pri." || substr($file,0,4) == "sec." || substr($file,0,4) == "int.")) $files[] = $dir.$file;
}
...

I told You ...

Last edited by tollan; 7th March 2008 at 02:24.
Reply With Quote
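Added example, not part of the original posts: a Python rendering of the address rewrite used above to derive the internal zone file, showing the edge case where a plain substring replace also alters a longer address that merely starts with the public IP, next to a boundary-aware rewrite and a check that reports such records. The two IP addresses are the ones in the post's `str_replace()` call; the zone text, host names and function names are constructed for illustration.

```python
import re

PUBLIC_IP = "195.152.62.2"    # values from the post's str_replace() call
INTERNAL_IP = "192.168.0.9"

# Constructed zone file text; names and the extra mail host are sample values.
ZONE = """\
$TTL 86400
@   IN SOA ns1.example.tld. admin.example.tld. ( 2008030401 28800 7200 604800 86400 )
@       IN NS   ns1.example.tld.
@       IN A    195.152.62.2
www     IN A    195.152.62.2
mail    IN A    195.152.62.25
"""

def naive_rewrite(zone):
    """Plain substring replace, the same operation as str_replace()."""
    return zone.replace(PUBLIC_IP, INTERNAL_IP)

def exact_rewrite(zone):
    """Replace the address only where it stands as a whole dotted quad."""
    pattern = r'(?<![\d.])' + re.escape(PUBLIC_IP) + r'(?![\d.])'
    return re.sub(pattern, INTERNAL_IP, zone)

def a_records(zone):
    """Return {owner: address} for the A records in the zone text."""
    return dict(re.findall(r'^(\S+)\s+IN\s+A\s+(\S+)$', zone, re.M))

def unexpected_changes(before, after):
    """Owners whose address changed although it was not the public IP."""
    old, new = a_records(before), a_records(after)
    return sorted(o for o in old if old[o] != new.get(o) and old[o] != PUBLIC_IP)
```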
  #9  
Old 4th March 2008, 13:11
pakogah pakogah is offline
Member
 
Thumbs up I'll be your beta tester

Hi Tollan, I'll be your beta tester for it if your environment is the same as mine.

From what I see, you need ISPconfig to create 2 zones:
- 1 created by ISPconfig (as usual) will be used as external views with IP 192.168.0.9
- then internal views for your LAN PC by accessing IP 192.168.100.1

So when an outsider like me calls domain.tld that is hosted on your box, your DNS will give me IP 192.168.0.9,
but from your local PC, accessing domain.tld will resolve to 192.168.100.1.

I have several questions about it:
- What ISPconfig version do you use? I am using the latest, 2.2.21.
- What IP address do you use on your ISPconfig box?
(Management >> Server >> Settings >> Server >> IP Address)
Is it 192.168.0.9?
Why are you using IP 192.168.0.9 for external views? Isn't 192.168.x.x only to be used as a local network?

Sorry for a lot of questions, I just started using ISPconfig and my box is on an internal network (DMZ) using a local IP (10.10.48.232) that is NAT'ed by the firewall (202.158.48.232). I can ping and resolve the domain with record 10.10.48.232, but when I change the IP address used by ISPconfig to 202.158.48.232, I won't be able to access hosted sites.

That's why I am also interested in your topic.
regards,
  #10  
Old 5th March 2008, 23:23
tollan tollan is offline
Junior Member
 
Default

"I'll be your beta tester" no, I didn't mean someone to test, but maybe the author of that script to check if that's ok.

I was busy implementing ISPConfig at my place. (So it means only you and me need that?)

192.168.0.9 is the local DMZ address
192.168.100.1 is a bad example of a public IP address; I'll change that to 194.23.34.46

A1. ISPConfig Version: 2.2.21
A2. I currently use 192.168.0.9 from the LAN and 194.23.34.46 from outside
A3. Yes, it is 192.168.0.9

and hmmm, give me 2 hours to implement and check the complete idea, and I'll come back

Last edited by tollan; 5th March 2008 at 23:27.