[Cialug] Cialug Digest, Vol 101, Issue 11

Moder John II Lee jmoder at me.com
Sat Sep 21 08:21:10 CDT 2013


Ken, Thank you for your explanation.

So basically you are saying I need to figure out how to make OSXSLS1 the SOA for moderetnyre.net locally.

Does anyone know of a good OSX forum?


Thanks,

John

On Sep 20, 2013, at 9:42 PM, kristau <kristau at gmail.com> wrote:

> I'm coming in to this late, and I haven't read everything in detail so I
> may be missing something. I'm assuming you are running a DNS server on your
> OSX box or some sort of "other" DNS server on the LAN. We will simply call
> this the LAN DNS server.
> 
> In order for that LAN DNS server to resolve both internal and external
> hosts on the moderetnyre.net domain, you need to set it up as if it were
> the one and only Start Of Authority (SOA) for that domain. Even though it
> really isn't (GoDaddy really is), if it doesn't believe that it is it will
> always look up the real SOA and forward the lookups there.
> 
> In short, you are setting up your LAN DNS to be the SOA for that domain --
> just as if you were setting up your own public DNS server. Once you've done
> that, all internal hosts will need to send their DNS requests to your LAN
> DNS server which, believing it is the SOA, will use the entries it has to
> resolve IPs. You can then set your A records to either internal or external
> IPs and they will resolve.
> 
> As far as the wild Internets are concerned, however, GoDaddy will continue
> to be the SOA for your domain. Setting A records on your GoDaddy DNS for
> internal hosts will probably not work, but it may be possible to do that.
> Setting A records for internal hosts out on your public-facing (GoDaddy)
> DNS is a Bad Idea simply because it exposes information about your internal
> network which could be used when trying to attack said network. I know
> certain individuals who used to create prank A records to 127.0.0.x/24
> addresses to bait script kiddies into attacking themselves. "Hey, this host
> is running the same OS and kernel as mine. I'll launch that exploit I
> tested last week which crashed my system."
> 
> 
> On Sat, Sep 21, 2013 at 2:18 AM, Moder John II Lee <jmoder at me.com> wrote:
> 
>> Ok, I think I am missing something very basic here, so please bear with
>> me...
>> 
>> What you are saying is without doing a "Split Horizon" DNS on the OSX box
>> there is no way for me to ping a box on my local network by hostname?
>> 
>> That just doesn't make sense to me.  The OSX box has an A record for the
>> CENTOS1 box, why would godaddy need one for me to ping it on my local
>> network?  I understand if I want to reach the box from the outside that
>> godaddy would need a record, but shouldn't my local DNS be resolved locally
>> when it has the record, and only be forwarded when the record isn't there?
>> 
>> 
>> John
>> -----------------
>> John is not in the sudoers file.  This incident will be reported.
>> 
>> 
>> On Sep 20, 2013, at 8:06 PM, "L. V. Lammert" <lvl at omnitec.net> wrote:
>> 
>>> On Fri, 20 Sep 2013, Moder John II Lee wrote:
>>> 
>>>> I did that on the OSXSLS1 box and it returned:
>>>> 
>>>> OSXSLS1:~ administrator$ dig @10.0.1.2 A Centos1.moderetnyre.net
>>>> 
>>>> ;; QUESTION SECTION:
>>>> ;Centos1.moderetnyre.net.    IN      A
>>>> 
>>>> ;; AUTHORITY SECTION:
>>>> moderetnyre.net.     3600    IN      SOA     ns75.domaincontrol.com. dns.jomax.net. 2013091200 28800 7200 604800 600
>>>> 
>>> Your authoritative name servers are at godaddy.com (domaincontrol.com), .. to
>>> properly resolve centos1, you would have to add an A record at godaddy
>>> for the domain.
>>> 
>>>> With that I agree Zach, I have missed something in setting up the
>>>> OSXSLS1 DNS responder, but I do not know how to fix it.
>>> 
>>> Your OSX machine is working properly to forward inquiries to the
>>> authoritative name server (godaddy), .. the only other option is to run a
>>> split horizon DNS server such as dnsmasq, or figure out how to configure
>>> such a service on OSX.
>>> 
>>>      Lee
>>> _______________________________________________
>>> Cialug mailing list
>>> Cialug at cialug.org
>>> http://cialug.org/mailman/listinfo/cialug
>> 
>> 
> 
> 
> 
> -- 
> Tired programmer
> Coding late into the night
> The core dump follows



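The point made in the thread about internal A records in the public-facing zone can be checked mechanically. The following is an added example, not code from the thread or from any poster: it audits a zone export for A records that resolve into RFC 1918, loopback or link-local ranges. The sample zone, its addresses and the `www` and `bait` host names are constructed for illustration; only the domain and the `Centos1` name come from the thread.

```python
import ipaddress

# Address ranges that reveal internal layout when published in a public zone.
INTERNAL_NETS = {
    "rfc1918": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "loopback": ("127.0.0.0/8",),
    "link-local": ("169.254.0.0/16",),
}

def classify(addr):
    """Return the label of the internal range holding addr, or None."""
    ip = ipaddress.ip_address(addr)
    for label, nets in INTERNAL_NETS.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return label
    return None

def audit_zone(zone_text, origin):
    """Return (fqdn, address, label) for each A record in an internal range."""
    findings, owner = [], origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # strip trailing comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                  # blank line or $TTL/$ORIGIN directive
        fields = line.split()
        if not line[0].isspace():                     # line starts a new owner name
            name, fields = fields[0], fields[1:]
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        # Skip the optional TTL and class to reach the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields = fields[1:]
        if len(fields) < 2 or fields[0].upper() != "A":
            continue
        try:
            label = classify(fields[1])
        except ValueError:                            # malformed address, not a finding
            continue
        if label:
            findings.append((owner.lower(), fields[1], label))
    return findings

# Constructed sample of a public zone export (all addresses are made up).
SAMPLE_ZONE = """\
$TTL 3600
www      IN A   203.0.113.10      ; public web host
Centos1  IN A   10.0.1.50         ; internal host published in public DNS
         IN A   192.168.5.7       ; second address, owner name inherited
bait 600 IN A   127.0.0.5         ; loopback record
"""
```

Calling `audit_zone(SAMPLE_ZONE, "moderetnyre.net.")` returns the three internal-range records and leaves the public `www` entry alone.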