Networking Forums

Complex Networking Trouble

 
 
Patrick McDonnell
      08-14-2004, 02:27 AM
I have a rather interesting network setup that I'm trying to configure. In
ASCII art:

                                               10.0.0.0/8
192.168    192.168.0.1----------             /---------\
.0.0/24|--x-----------| SERVER |------------x| Clients |
       |192.168.0.2   ----------10.0.0.2     \---------/
   ------------          |
   | WWW/MAIL |          |
   ------------          |               KEY: "x" = switch
        |                |
        |66.99.20.134/27 |
        |66.99.20.133/27 |66.99.20.132/27
       INET             INET

To summarize, the machine SERVER is connected to three networks: 1) the
Internet, with a static IP address. 2) an internal private network of
clients/workstations, using the 10.0.0.0/8 address range. Its IP address
on this network is 10.0.0.2. 3) Another internal private network with the
subnet 192.168.0.0/24. Its IP address on this network is 192.168.0.1.

This third network serves as a high-speed, private connection between all
machines acting as Internet servers. Presently, this is only one other
machine acting as the Web and Mail server. I'm using two IP addresses so
as to move the mail server to its own machine.

On the "server" machine, I'm currently running an LDAP server, NFS server,
DHCP server and SSH server for both private networks. The SSH server is
also open to incoming connections from the Internet.

My problem here is how to set up hostnames/DNS for the machines on the
network, especially the SERVER and the web & mail server. Basically, the
DNS hostnames that will be entered into our ISP's name server are set in
stone.
66.99.20.132->muncc.marmionacademy.org.
66.99.20.133->www.muncc.marmionacademy.org.
66.99.20.134->mail.muncc.marmionacademy.org.

What I need to know is what to set for hostname and domain names for
machines on the internal network. This is especially confusing because, in
order to use Secure LDAP on both internal networks, the common name entry
of the certificate must be set to the FQDN of the server, which clients on
both networks have to connect to.

Now that my long-winded explanation of the situation is complete, I'm open
to suggestions as to what path to take. Will I need to set up one (or more)
DNS servers? Should I host DNS information for the internet-connected
machines myself, or should I leave it to the ISP, etc, etc.

Thanks in advance for any help you can provide.
 
 
 
 
 
Andrew Schulman
      08-14-2004, 10:57 AM
> Will I need to set up one (or
> more) DNS servers? Should I host DNS information for the
> internet-connected machines myself, or should I leave it to the ISP, etc,
> etc.


I have a similar situation, though smaller and simpler, in my home LAN. I
use dnsmasq. It's a caching DNS forwarder, which means that it can do the
following for you:

- resolve the names of your LAN hosts, based on whatever information you
give it, e.g. /etc/hosts.

- forward any remaining requests upstream to your ISP's nameservers, and
send the results back to your clients.

- as an added bonus, cache any results that it gets from upstream, so that
next time it can answer more quickly without having to ask upstream again
(a big win on slow external links such as dialup, though maybe not for
you).

- as another added bonus, also act as a DHCP server, if you want it to.

dnsmasq works very well for our LAN, and it frees you from having to run a
full-blown DNS server. Let your ISP do that work for you.

Good luck,
Andrew.

--
To reply by email, replace "deadspam.com" by "alumni.utexas.net"
 
 
Jeroen Geilman
      08-14-2004, 12:45 PM
Patrick McDonnell wrote:

> I have a rather interesting network setup that I'm trying to configure. In
> ASCII art:
>
>                                                10.0.0.0/8
> 192.168    192.168.0.1----------             /---------\
> .0.0/24|--x-----------| SERVER |------------x| Clients |
>        |192.168.0.2   ----------10.0.0.2     \---------/
>    ------------          |
>    | WWW/MAIL |          |
>    ------------          |               KEY: "x" = switch
>         |                |
>         |66.99.20.134/27 |
>         |66.99.20.133/27 |66.99.20.132/27
>        INET             INET
>
> To summarize, the machine SERVER is connected to three networks: 1) the
> Internet, with a static IP address. 2) an internal private network of
> clients/workstations, using the 10.0.0.0/8 address range. Its IP address
> on this network is 10.0.0.2. 3) Another internal private network with the
> subnet 192.168.0.0/24. Its IP address on this network is 192.168.0.1.
>
> This third network serves as a high-speed, private connection between all
> machines acting as Internet servers. Presently, this is only one other
> machine acting as the Web and Mail server. I'm using two IP addresses so
> as to move the mail server to its own machine.
>
> On the "server" machine, I'm currently running an LDAP server, NFS server,
> DHCP server and SSH server for both private networks. The SSH server is
> also open to incoming connections from the Internet.
>
> My problem here is how to set up hostnames/DNS for the machines on the
> network, especially the SERVER and the web & mail server. Basically, the
> DNS hostnames that will be entered into our ISP's name server are set in
> stone. 66.99.20.132->muncc.marmionacademy.org.
> 66.99.20.133->www.muncc.marmionacademy.org.
> 66.99.20.134->mail.muncc.marmionacademy.org.
>
> What I need to know is what to set for hostname and domain names for
> machines on the internal network. This is especially confusing because, in
> order to use Secure LDAP on both internal networks, the common name entry
> of the certificate must be set to the FQDN of the server, which clients on
> both networks have to connect to.
>
> Now that my long-winded explanation of the situation is complete, I'm open
> to suggestions as to what path to take. Will I need to set up one (or more)
> DNS servers? Should I host DNS information for the internet-connected
> machines myself, or should I leave it to the ISP, etc, etc.
>
> Thanks in advance for any help you can provide.



Seconded what Andrew wrote - let your ISP do the icky bits ;-)

Apart from that, you can't actually run your own nameserver - that has
to be arranged by the people who host your domain, most likely your ISP.
For such a small number of hosts, it's simply not worth the bother, as
you also need at least 2 nameservers to be allowed to put them on the
Internet.

Just run your own nameserver and translate the domain names to their
internal addresses - none of this information will ever get out.

J
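
A dnsmasq configuration for SERVER that combines the two replies above (Andrew's forwarder and Jeroen's internal name translation), as an added example that is not from either post. The interface names eth1 and eth2, and the choice to reuse the public name muncc.marmionacademy.org as SERVER's internal FQDN so the Secure LDAP certificate's common name matches on both networks, are assumptions.

```conf
# /etc/dnsmasq.conf on SERVER (added example, not from the thread)

# Answer DNS only on the two private interfaces, never on the
# Internet-facing one. Interface names are assumed:
#   eth1 = 10.0.0.2    on 10.0.0.0/8
#   eth2 = 192.168.0.1 on 192.168.0.0/24
interface=eth1
interface=eth2
bind-interfaces

# Never forward unqualified names or reverse lookups for private
# address ranges to the upstream (ISP) nameservers.
domain-needed
bogus-priv

# SERVER has one name and two internal addresses. With both addresses
# listed in /etc/hosts, localise-queries returns only the address on
# the subnet the query arrived on, so clients on either network reach
# the certificate's FQDN over their own network.
localise-queries

# Lines to add to /etc/hosts on SERVER (dnsmasq reads it by default):
#   10.0.0.2      muncc.marmionacademy.org
#   192.168.0.1   muncc.marmionacademy.org

# Every other name is forwarded to the resolvers in /etc/resolv.conf
# (the ISP's nameservers) and the answers are cached.
cache-size=1000

# DHCP is left to the DHCP server already running on SERVER; it should
# hand out 10.0.0.2 and 192.168.0.1 as the DNS server on each network.
```

Internet clients still get 66.99.20.132 for the same name from the ISP's nameserver; only queries arriving on the private interfaces see the internal addresses.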
 