[wellylug] DNS networking

Enkidu enkidu at cliffp.com
Thu May 13 19:26:14 NZST 2004

On Thu, 13 May 2004 14:36:24 +1200, you wrote:

>Hi all
>I am thinking of getting a static IP. I'd like to host chalaron.org by 
>Now I need some config advice for the DNS
>My box server (with bind) is
>My DNS is configured as (with forward first etc...)
The best way to do it is with DNS outside the firewall. However it
should work inside...

>; <<>> DiG 9.2.1 <<>> myserver.chalaron.org
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16372
>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>;myserver.chalaron.org.             IN      A
>myserver.chalaron.org.      86400   IN      A
>chalaron.org.           86400   IN      NS      myserver.chalaron.org.
>;; Query time: 4 msec
>;; WHEN: Thu May 13 15:14:56 2004
>;; MSG SIZE  rcvd: 65
>Now this box is behind a firewall (DSL modem Allied). The firewall is 
>forwarding port 53 to myserver.chalaron.org.
>So far a couple of tests show that forwarding 110,22,80 are Ok.. so should be 
>questions now:
>A/ In a windows machine anywhere outside my Lan I should give my_static_IP as 
>first DNS? right or wrong?

In a Windows machine pre-2000 the *second* DNS server is used only if
there is no response from the first DNS server. A response can be
"Here is the IP address you want" or "I can't find that IP address".
If the response is "I can't find that IP address" the second DNS is
*NOT* tried. In Windows 2000 (and presumably later), if the first DNS
doesn't respond with a positive or negative the DNSes are switched,
first for second. If the second (now first) DNS server responds, it is
always tried from then on.

So if you want to access your DNS from outside, yes, it needs to be
first, and it needs to be set up correctly to forward DNS queries to
the outside world. It will (if it is able to respond) be the *ONLY* DNS
to be queried by the Windows machine.

>B/ The same would apply for resolv.conf ? right ?

Assuming that the resolver works the same way on Linux, only the first
DNS server to respond *with a negative or positive response* will be

>C/ Should I change my DNS config for 
>myserver.chalaron.org.      86400   IN      A       my_static_ip
Don't understand the question.
>D/ DNS is on TCP or should I forward UDP ?
Both, both ways.
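A small checker, added here as an example and not part of the original post or of the BIND setup being discussed, for the two points the reply makes: a DNS reply is "positive" (NOERROR with an answer) or "negative" (NXDOMAIN, or NOERROR with no records), and either one ends the stub resolver's search, whereas a server that never answers, or answers SERVFAIL/REFUSED, is what lets a second server get a look-in; and a server exposed through a port-53 forward must be reachable over both UDP and TCP, which frames every message with a 2-byte length prefix. The wire-format code follows RFC 1035; the embedded sample reply is constructed to mirror the dig output quoted above (same id 16372, same flags and TTLs), with 192.0.2.10 standing in for the address the quote omits. Function names, the 3-second timeout and the live-check server address are assumptions of this example.

```python
import socket
import struct

# Response codes as dig prints them in its "status:" field
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPE_A, QTYPE_NS = 1, 2


def encode_name(name):
    """Encode 'myserver.chalaron.org' as DNS labels: length byte, label, ..., 0."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype=QTYPE_A, txid=0x3FF4):
    """Build a recursion-desired (RD) query for one name, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_response(msg):
    """Parse the header flags plus the answer and authority sections."""
    txid, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
           "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
           "rcode": flags & 0x000F}
    offset = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, offset = _read_name(msg, offset)
        offset += 4                          # qtype + qclass

    def read_rrs(count):
        nonlocal offset
        rrs = []
        for _ in range(count):
            name, offset = _read_name(msg, offset)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
            offset += 10
            rdata_at, offset = offset, offset + rdlen
            if rtype == QTYPE_A and rdlen == 4:
                value = ".".join(str(b) for b in msg[rdata_at:offset])
            elif rtype == QTYPE_NS:
                value, _ = _read_name(msg, rdata_at)   # NS rdata may be a pointer
            else:
                value = msg[rdata_at:offset].hex()
            rrs.append((name, rtype, ttl, value))
        return rrs

    out["answers"] = read_rrs(an)
    out["authority"] = read_rrs(ns)
    return out


def response_kind(parsed):
    """Positive or negative answers end the resolver's search; errors let it try the next server."""
    if parsed["rcode"] == 0 and parsed["answers"]:
        return "positive"
    if parsed["rcode"] == 3 or (parsed["rcode"] == 0 and not parsed["answers"]):
        return "negative"                    # NXDOMAIN or NODATA
    return "error"                           # SERVFAIL, REFUSED, ...


def query_udp(server, name, timeout=3.0):
    """Send the query over UDP/53 (no length prefix)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


def _recv_exact(s, n):
    data = b""
    while len(data) < n:
        chunk = s.recv(n - len(data))
        if not chunk:
            raise ConnectionError("server closed the connection early")
        data += chunk
    return data


def query_tcp(server, name, timeout=3.0):
    """Send the same query over TCP/53; TCP frames each message with a 2-byte length."""
    q = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        data = _recv_exact(s, length)
    return parse_response(data)


def build_sample_response(nxdomain=False):
    """Constructed reply modelled on the dig output in the thread (192.0.2.10 is a placeholder)."""
    question = encode_name("myserver.chalaron.org") + struct.pack("!HH", QTYPE_A, 1)
    if nxdomain:                             # flags qr aa rd ra, rcode NXDOMAIN, no records
        return struct.pack("!HHHHHH", 16372, 0x8583, 1, 0, 0, 0) + question
    header = struct.pack("!HHHHHH", 16372, 0x8580, 1, 1, 1, 0)   # qr aa rd ra, NOERROR
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, 1, 86400, 4) + bytes([192, 0, 2, 10])
    authority = b"\xC0\x15" + struct.pack("!HHIH", QTYPE_NS, 1, 86400, 2) + b"\xC0\x0C"
    return header + question + answer + authority


if __name__ == "__main__":
    print(parse_response(build_sample_response()))
    # Live check of an exposed server on both transports (assumed address, not from the thread):
    # for fn in (query_udp, query_tcp):
    #     print(fn.__name__, response_kind(fn("192.0.2.1", "myserver.chalaron.org")))
```

Running the commented-out live check from outside the LAN against the static IP answers question D directly: if `query_udp` returns a parsed reply but `query_tcp` times out (or vice versa), only one transport is being forwarded. `response_kind` is the thing to watch for question A: a server that is reachable but returns NXDOMAIN for your own names is a "negative" reply, and the client will stop there rather than ask its second DNS server.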
