Clarification on roles of networking components.

Robert Moskowitz rgm at htt-consult.com
Wed Mar 4 21:45:52 UTC 2009


Simon Slater wrote:
> On Wed, 2009-03-04 at 12:34 -0500, Robert Moskowitz wrote:
>
>> Flaschen, Matthew S wrote:
>>
>>>> If he has internal servers that local hosts need access to.
>>>>
> At the moment one server offering limited services internally, nothing
> external.
>
>>>> For example. If he is running a NetBIOS server and the clients need to
>>>> access shares on it.
>>>>
>>> Right.
>>>
>>>> He does not want the world to know about this NAS,
>>>>
>>> Obviously
>>>
>>>> plus it probably has an RFC1918 address.
>>>>
>>> I would definitely recommend a local-only address for the local services.
>>>
>>>> So with a local BIND server, he would set up an Internal view.
>>>>
>>> He /could/ do that but you haven't said why he should.  If he wants his DNS/DHCP server connected to the outside internet, I would recommend he get two Ethernet cards, eth0 and eth1, then configure dnsmasq to serve on only the local interface.  Note that this doesn't require any DNS-specific configurations.  It is inherently simple and secure.
>>>
>>>> Perhaps he has an internal wiki. I can go on with internal servers that
>>>> need name resolution.
>>>>
>>> I think he wants name resolution for all local hosts (why not?).
>>>
> Yes
>
>>>> He can maintain all of this in hosts files on each
>>>> client as he seems to have done, or he can run his own internal DNS
>>>> server with an internal view.
>>>>
>>> Nowhere do you say why the complexity of BIND is necessary.  He would be served very well (no pun intended) with a far simpler DNS implementation.
>>>
>> So your issue is not DNS, but rather the BIND implementation of DNS.
>>
>> I have been working with BIND since '93. I have not spent any time
>> looking at any other implementations of DNS.
>>
>> Go with whatever floats your boat.
>>
>> Webmin DOES make working with BIND reasonable.
>>
> Now I've caught up on some sleep I can continue with a clearer head.
> The single server has 2 NICs, one internal, the other to the DSL router.
> For now internal name resolution and DHCP is the issue, but more
> internal services will be added down the road, as well as web server
> usw.  I started with dhcpd but this does seem more powerful than I need
> now.  I'll check out dnsmasq today.
Webmin makes dhcpd easier, but as you mentioned, there is dnsmasq.
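
The interface-restricted dnsmasq setup recommended in the quoted discussion, sketched as an added example (not part of the original message or anyone's actual configuration). It assumes eth1 is the internal NIC and eth0 faces the DSL router; the addresses and the `lan` domain are constructed.

```conf
# /etc/dnsmasq.conf (added example; interface roles, addresses and the
# "lan" domain are assumptions, not values from the thread)

# Weak default: with no interface= or listen-address= line at all,
# dnsmasq answers DNS (and DHCP, once a dhcp-range is set) on every
# interface, including the one facing the DSL router.

# Corrected: serve only the internal side.
interface=eth1            # internal NIC (assumed); loopback is added automatically
except-interface=eth0     # external NIC (assumed): never serve here
no-dhcp-interface=eth0    # and never hand out leases here

# Without this, dnsmasq may bind the wildcard address and merely discard
# requests arriving on other interfaces. bind-interfaces makes it open
# sockets only on the addresses of the interfaces listed above.
bind-interfaces

# Keep internal names and RFC1918 reverse lookups from leaking upstream.
domain-needed             # do not forward plain names without a domain part
bogus-priv                # do not forward reverse lookups for private ranges
local=/lan/               # answer "lan" only from /etc/hosts and DHCP leases
domain=lan                # domain given to DHCP clients
expand-hosts              # append the domain to bare names in /etc/hosts

# DHCP for the internal network only (constructed RFC1918 range).
dhcp-range=192.168.10.50,192.168.10.150,12h
dhcp-option=option:router,192.168.10.1
```

`dnsmasq --test` checks the file's syntax before the service is restarted.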




