Name service behind a firewall/NAT router
Bill Freeman
f at ke1g.mv.com
Fri Jan 5 12:53:04 EST 2007

I live in a couple of instances of a private (192.168...) LAN behind a
firewall/NAT/router appliance (Linksys, Netgear).

There are several machines on each of these LANs, at least one of which
is an (almost) always on Linux box.

We get tired of typing IP addresses, and would like to refer to machines
by name. For the Linux and Mac OS X boxes I could make entries in /etc/hosts,
and there's probably a similar file on the XP, 2K, and 98 boxes, but then
I'm stuck keeping them in sync. It seems like I ought to be able to run
a name server on the Linux box. I could go read the DNS and BIND book for
a while, or try to think of other combinations to google, but I thought that
maybe someone here has already dealt with this scenario, and I could be lazy.

I have no desire to make these machines visible on the internet as a whole.
While I have some throwaway domains available, what I'd really like is to
have single word (no "."s) hostnames resolved to IP addresses on the LAN,
and everything else resolved by the ISP's nameserver. I fool myself that
I understand DNS enough to know that the local nameserver is willing to
get stuff from the outside nameserver as necessary.

One gotcha is that it would be nice if the local machines would use or at
least fall back to the ISP's nameserver against the possibility that the
local nameserver crashes (gets unplugged by the cleaning woman) when I'm
not around to bring it back up.

In addition to setting up a nameserver, it seems that I probably have to
fiddle the DHCP server on the router to tell the local machines about my
nameserver. (Clearly, it would still be good if my nameserver could find
out about it if the ISP changed their nameserver IP, but this is a lesser
problem.) Again, because the Linux box could be down (really old hardware),
it's not particularly inviting to run a DHCP server there, but the router
may not be fully configurable. (I could re-flash my home one with open
source code, but probably not others.) Is there a way to fail-over DHCP
servers? I could conceivably run backup servers on one of the Mac OS X
boxes.

I'll worry about making two such LANs route to one another via OpenVPN
sometime in the future.

Any prefabricated solutions out there?

Bill