[Cialug] Cialug Digest, Vol 101, Issue 11

L. V. Lammert lvl at omnitec.net
Sat Sep 21 18:14:54 CDT 2013


On Sat, 21 Sep 2013, L. V. Lammert wrote:

> On Sat, 21 Sep 2013, Moder John II Lee wrote:
>
> > Lee, thank you for your explanation.  I think I am beginning to understand.
> >
> That's great! I deal with it all the time, and have to keep kicking myself
> when I figure out a problem for which I should have KNOWN the answer.
>
> > I don't do a lot of server work, but the systems that I do work on all
> > tend to function this way, so you are saying that they all have a split
> > horizon DNS setup on them?
> >
> The main points to remember:
>
>  * The hosts file overrides any DNS lookup, on ALL platforms.
[Sorry, sent accidentally before finished.]

   * DNS queries will always go to the authoritative host of record;
   * Careful inspection of a dig will verify the authoritative servers.
   * Verify configured servers with whois.

If you DO need to run a local zone [offnet], either use host entries
(works on all platforms), or a split horizon DNS server such as dnsmasq.

> Does Microsoft do this natively,
>
The big difference with MS is that they do their OWN DNS, called a
"Domain", internally to the MS network. It can be a royal PAIN to predict
what exactly will happen when you want a real DNS query in a MS network
and happen to use a domain name that MS thinks their server owns.

> need to "trick" OSX and Linux systems into doing this?  I apologize for
> the naive questions, but one of the reasons I am doing this is to
> understand it better.
>
Clues above, ..

> > So basically you are saying similar to what Ken did, is that I need
> > to find a way to make OSXSLS1 the SOA for the local net, but I may
> > need to use something like dnsmasq to trick it to doing so?
> >
Not quite; I would not recommend any 'tricks' - they can backfire at
inopportune moments.

The simplest solution is to set up host entries on your two internal
machines, no 'real' domain name needed.

> > I am still having a bit of a disconnect though--  On both boxes I get the same results--
> >
> > When I dig @10.0.1.2 A OSXSLS1.moderetnyre.net. I return the record's authority section pointing to OSXSLS1.moderetnyre.net.
> >
> > When I dig @10.0.1.2 A CentOS1.moderetnyre.net I return the SOA to godaddy.
> >
> > My confusion is that in the zone file on OSXSLS1 I have machine (A)
> > records for both CentOS1, and OSXSLS1.  Both records are formatted
> > identically, outside their unique names/IPs.
> >
When you force a dig to the machine, it works the way you expect; the
difference is that when you run a 'normal' (i.e. unforced) DNS query from
a machine other than the OSX box, it gets forwarded to the real server.

> > The DNS server on OSXSLS1 is set to accept recursive queries from localnets and 10.0.1.0/24.
> >
'Accepting' and being authoritative are separate issues, however. My
recommendation is to simplify your life and set up host entries on both
machines.

	Lee
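
An added example, not part of the original message: a Python sketch of the "careful inspection of a dig" check, reading the `aa` flag and the AUTHORITY section to tell a reply served from the local zone from one fetched upstream. Both dig outputs are constructed samples, the registrar name server is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed dig output (not from the thread): server answers from its own zone.
LOCAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; ANSWER SECTION:
osxsls1.moderetnyre.net. 10800 IN A 10.0.1.2
;; AUTHORITY SECTION:
moderetnyre.net. 10800 IN NS osxsls1.moderetnyre.net.
;; SERVER: 10.0.1.2#53(10.0.1.2)
"""
# Constructed: same server queried, but the reply came from upstream (no aa flag).
UPSTREAM = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
moderetnyre.net. 600 IN SOA ns1.registrar.example. hostmaster.registrar.example. 2013092100 28800 7200 604800 600
;; SERVER: 10.0.1.2#53(10.0.1.2)
"""

def inspect_dig(text):
    """Summarise who really answered: status, aa flag, and AUTHORITY records."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"^;; flags: ([a-z ]+);", text, re.M).group(1).split()
    server = re.search(r"^;; SERVER: ([^#\s]+)", text, re.M)
    authority, section = [], None
    for line in text.splitlines():
        if line.startswith(";;"):
            m = re.match(r";; (\w+) SECTION:", line)
            section = m.group(1) if m else None
        elif section == "AUTHORITY" and line.strip() and not line.startswith(";"):
            _name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            authority.append((rtype, rdata.split()[0].rstrip(".").lower()))
    return {
        "status": status,
        "authoritative": "aa" in flags,  # set only when the server is authoritative for the name
        "server": server.group(1) if server else None,
        "authority": authority,
    }

def answered_locally(text, local_ns):
    """True only if the reply is authoritative AND names local_ns in AUTHORITY."""
    r = inspect_dig(text)
    return r["authoritative"] and any(t == local_ns.lower() for _, t in r["authority"])

if __name__ == "__main__":
    for label, out in (("local", LOCAL), ("upstream", UPSTREAM)):
        print(label, inspect_dig(out), answered_locally(out, "osxsls1.moderetnyre.net"))
```

dig talks to the DNS server directly and never reads the hosts file, so a host entry will not show up in this check.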

