#1
different zone theories
Ok, so I've been wrestling with this concept for a couple of days now. I just woke up (it's about 4 o'clock am) to use the bathroom. As I'm in the toilet I'm thinking about this darn concept. For some reason, I got it, it made sense to me, so I wiped and came straight to my laptop to post this message before I go back to bed and forget about it and possibly struggle with the concept for a couple more days.

It would probably be beneficial if I describe my current network setup: Router 1 (R1) is a Linux computer connected to the internet using a static IP address. A hub (H) is connected to that computer. Computer 1 (C1) is a Linux box. Computer 2 (C2) is a dual-boot XP/RH9 machine. C1 and C2 are connected to the hub, which is connected to R1. Router 2 (R2) is a cheap little $75 Belkin router which is also connected to the hub (H). Computers C3 - C5 are all dual-boot computers, running Windows and RH9. These 3 computers are connected to Router 2, which in turn is connected to the hub. PS2 is a PlayStation 2 with the broadband modem, which is connected to Router 2, which is connected to the hub, which is connected to Router 1, which has the internet connection. All the names, C1-C5 and R1, are the actual names the computers are given as their hostnames.

I've been reading DNS & BIND, 4th edition by O'Reilly. In the book it mentions that when you define a zone there are certain resource records that you put in the file. Some of these include SOA, NS, etc. The problem is that as I read what was supposed to go into those files it didn't make sense to me why some of those resource records would go in there.

Let's suppose I bought three domain names, bigsite.com, mediumsite.com and littlesite.com. Let's also assume that bigsite.com is gonna be my main site. bigsite.com is also the name of my internal network. The other sites provide a service but aren't as important to me. Because of that, I want to devote most of my resources to the bigsite.com domain. After reading the examples in the book, a zone file for my main site, bigsite.com, would look like this:

filename: db.bigsite.txt Code:
$TTL 72h
bigsite.com. IN SOA C1.bigsite.com. postmaster.bigsite.com. (
1 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h) ; negative caching TTL of 1 hour
;
; Name servers
; (owner names carry a trailing dot; without it the zone origin is appended
; and the record would be for ns1.bigsite.com.bigsite.com.)
;
ns1.bigsite.com. IN CNAME C1.bigsite.com.
ns2.bigsite.com. IN CNAME C2.bigsite.com.
;
; Some MX records here that point at C3
;
;
; Some records here that point at C4 as ftp server
;
;
; Interface specific. Not too sure what this is right now, but I'll get it eventually.
; This is probably so that I can make use of the router for some reason.
; Since the router is not a computer, should I still put this here?
;
wormhole.bigsite.com. IN A 192.168.2.1
Because this is the zone file for my main site, bigsite.com, which is also the name of my internal network, I put information about all the hosts that I want the public to know about. Correct? Notice how I'm giving an alias to the computer named C1.bigsite.com. The alias is ns1.bigsite.com. Can I do this?

The following is a sample of my two address-to-name files. Remember I have two routers in my network setup, which means that I have two subnets.

Subnet 1. Filename: db.192.168.0.txt Code:
$TTL 3h
0.168.192.in-addr.arpa. IN SOA C1.bigsite.com. postmaster.bigsite.com. (
1 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h) ; negative caching TTL of 1 hour
;
; Name servers. Shouldn't the address be specific, rather than just showing the first 3 octets
;
0.168.192.in-addr.arpa. IN NS C1.bigsite.com.
0.168.192.in-addr.arpa. IN NS C2.bigsite.com.
;
; Address point to canonical name
; I suppose this is how you map hostname to ip address using dns.
;
5.0.168.192.in-addr.arpa. IN PTR C1.bigsite.com.
10.0.168.192.in-addr.arpa. IN PTR C2.bigsite.com.
Subnet 2. Filename: db.192.168.2 Code:
$TTL 3h
2.168.192.in-addr.arpa. IN SOA C1.bigsite.com. postmaster.bigsite.com. (
1 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h) ; negative caching TTL of 1 hour
;
; Name servers. Shouldn't the address be specific, rather than just showing the first 3 octets
;
2.168.192.in-addr.arpa. IN NS C1.bigsite.com.
2.168.192.in-addr.arpa. IN NS C2.bigsite.com.
;
; Address point to canonical names.
;
5.2.168.192.in-addr.arpa. IN PTR C3.bigsite.com.
10.2.168.192.in-addr.arpa. IN PTR C4.bigsite.com.
15.2.168.192.in-addr.arpa. IN PTR C5.bigsite.com.
Ok, the above was for my main site and network, bigsite.com. Let's say that I want to add a record for my newly acquired site mediumsite.com. Is this all I have to add?

filename: db.mediumsite.txt Code:
$TTL 3h
mediumsite.com. IN SOA ns1.bigsite.com. postmaster.bigsite.com. (
1 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h) ; negative caching TTL of 1 hour
;
; Name servers
;
mediumsite.com. IN NS ns1.bigserver.com.
mediumsite.com. IN NS ns2.bigsite.com.
I don't have to add anything else to this zone file because I don't want the general public to know about the other computers in the network as relating to this domain, right? Notice above, I do this:
mediumsite.com. IN SOA ns1.bigsite.com. postmaster.bigsite.com.
Not this:
mediumsite.com. IN SOA C1.bigsite.com. postmaster.bigsite.com.
Is this correct?

Damn! This post is long as hell. This is my longest post ever. If you actually read the whole thing, thanks. Damn! again. I've been writing this for 1 1/2 hours. I'm going to sleep. Happy New Years!!!!
__________________
Some day I'll create a smart quote to put here.
#2
The problem with long posts is that once you finish reading it, you kinda forget what the questions were. A quick summary of what you're asking would be nice. However, here's my best attempt to answer with everything you want to know:

1) All your questions referring to public vs private DNS information are handled here... BIND supports "views" to solve this kind of problem. Basically, what it does is make it so that the same request from the internet and the LAN will produce two different results. So you configure that requests coming from the 192.168/8 IP branch will return the private information, and everybody else will get the public information. "www.bigsite.com" would return your private LAN IP for requests originating from the LAN, and everybody else would get the public IP. In implementation, you have 2 separate zone files for the bigsite.com zone and they are served to the public or the private as specified in the named.conf. So in your private "view" you can use the C1 and C2 names. In the public "view" you can use the ns1 and ns2 names. No CNAME records are necessary.

2) "Shouldn't the address be specific, rather than just showing the first 3 octets" No, cause you are setting the NS servers for the entire 192.168.0.x IP block.
__________________
Send me a private message if you would like me to setup your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/setup fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links: Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
#3
You are right about the summary. Here are some quick summarized questions:

The first two are about the first zone file.
1) Because this is the zone file for my main site, bigsite.com, I put information about all the hosts that I want the public to know about. Correct?
2) Also, notice how I'm giving an alias to the computer named C1.bigsite.com. The alias is ns1.bigsite.com. Can I do this?
3) The second and third zone files are address-to-name mapping. This is the authoritative server for those zones, that's why I put those files there. I don't have to put those files on other DNS servers on the network unless they are authoritative for the zones, right?
4) In the last zone file, db.mediumsite.txt, I put only the information about how to get to the site. I don't have to put host information about other computers on the network, or do I? BTW, in the name servers section ns1.bigserver.com is supposed to be ns1.bigsite.com.
5) Also, notice in the last zone I do this:
mediumsite.com. IN SOA ns1.bigsite.com. postmaster.bigsite.com.
Not this:
mediumsite.com. IN SOA C1.bigsite.com. postmaster.bigsite.com.
ns1.bigsite.com is an alias for C1.bigsite.com. Is the first one correct or should I use the second form?
#4
1) This question is obsolete. Use "views" and in one bigsite.com zone file you put the public hosts, and in the other file you put the private hosts.
2) This question is obsolete. Use "views" and you won't have to use CNAMEs. But to answer your question anyway, the answer is no. They must be NS records.
3) Kinda correct. It would be better to say that you only put those files on systems with a DNS server that is a MASTER for the zone. Both MASTERs and SLAVEs are considered authoritative for a zone. The difference is that the file is stored on the MASTER and the SLAVE downloads a copy of the zone info from the MASTER.
4) Yes, in that file you may at least specify 5 records: 1 SOA + 2 NS + 2 A records. One A record is for the root domain, the other is for the www host.
5) This question is obsolete. Only use "ns1.bigsite.com" cause by using "views" the world will never see your Cx hosts.
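To make the answers to questions 2 and 4 above concrete (the name-server names must be NS records, never CNAMEs, and the apex of each zone needs its NS records), here is an added example that is not from the thread or from BIND: a small Python checker for BIND-style zone files. The names fqdn, parse_zone and check_zone are mine, and the sample zone is constructed to mirror the poster's db.bigsite file with an NS record added that points at the ns1 CNAME.

```python
# Added example (not from the thread): a tiny linter for the zone-file mistakes discussed above; assumes BIND master-file syntax.
TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT"}

def fqdn(name, origin):
    # BIND's rule: '@' means the origin; a name without a trailing dot gets the origin appended.
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):  # -> (origin, [(owner, TYPE, rdata_tokens)]), owners qualified
    origin = origin.lower().rstrip(".") + "."
    records, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                      # drop comments
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:                                    # inside a multi-line SOA
            continue
        tokens, buf = " ".join(buf).replace("(", " ").replace(")", " ").split(), []
        if tokens[0].startswith("$"):                    # $TTL etc.: nothing to record
            continue
        owner = fqdn(tokens.pop(0), origin)
        idx = next(i for i, t in enumerate(tokens) if t.upper() in TYPES)
        records.append((owner, tokens[idx].upper(), tokens[idx + 1:]))
    return origin, records

def check_zone(text, origin):
    # Flags what the replies point out: no NS at the apex, and an NS/MX target that is a CNAME (RFC 2181 s10.3).
    origin, records = parse_zone(text, origin)
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    problems = []
    if "NS" not in types_at.get(origin, set()):
        problems.append(f"apex {origin} has no NS records")
    for owner, rtype, rdata in records:
        target = fqdn(rdata[-1], origin) if rtype in ("NS", "MX") else None
        if target and "CNAME" in types_at.get(target, set()):
            problems.append(f"{rtype} at {owner} points at CNAME {target}")
    return problems
# Constructed zone mirroring the thread's db.bigsite file: ns1 is a CNAME for C1.
BAD = """$TTL 72h
@   IN SOA C1.bigsite.com. postmaster.bigsite.com. ( 1 ; serial
        3h 1h 1w 1h )
@   IN NS    ns1.bigsite.com.
ns1 IN CNAME C1.bigsite.com.
C1  IN A     192.168.0.5
"""
```

Replacing the CNAME line with an A record for ns1 makes check_zone return an empty list, which is the shape of zone the replies recommend.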
#5
coolio
#6
I didn't bother to read the entire thread because it's long and some useless crap was added to make it even longer.
ns1.bigsite.com and ns2.bigsite.com MUST NOT be configured as CNAMEs to C1.bigsite.com and C2.bigsite.com.
#7
I had already told him that.
#8
I know, but your "No CNAME records are necessary." statement wasn't strong enough. He might think it's possible but not suggested.
#9
I had answered him twice.
"But to answer your question anyway, the answer is no. They must be NS records." He was trying to use CNAME in place of NS, which is completely wrong, not having both NS and CNAME records, which is very ugly and inefficient but technically may work.
Viewing: Dev Shed Forums > System Administration > DNS > different zone theories