Chapter 16. Setting up DNS Part 4: Finishing up DNS

This last part on DNS mostly fills in the remaining odds and ends.

Clone ns1-projreality-sam.vdi to ns1-isp-sam.vdi, and create a VM using that hard disk. Change the VirtualBox networking, hostname, IP address, and gateway settings as we did with the other servers. Remove the forward and reverse zone files we made for projreality.sam, and create the following files:

File: /var/named/isp.sam

$ORIGIN	isp.sam.
$TTL	2d

@	IN	SOA	ns1	hostmaster (
	2010110300	; serial number
	3h		; refresh
	15m		; retry
	1w		; expire
	2d		; minimum TTL
)

@	IN	NS	ns1

@	IN	MX	10	mail

gateway	IN	A	172.16.152.1
dns1	IN	A	172.16.152.10
mail	IN	A	172.16.152.15

gateway	IN	A	172.16.151.1
ns1	IN	A	172.16.151.10

gateway	IN	A	172.16.150.100

File: /var/named/172.16.151.rev

$ORIGIN	151.16.172.in-addr.arpa.
$TTL	2d

@	IN	SOA	ns1.isp.sam.	hostmaster.isp.sam. (
	2010110300	; serial number
	3h		; refresh
	15m		; retry
	1w		; expire
	2d		; minimum TTL
)

@	IN	NS	ns1.isp.sam.

1	IN	PTR	gateway.isp.sam.
10	IN	PTR	ns1.isp.sam.

File: /var/named/172.16.152.rev

$ORIGIN	152.16.172.in-addr.arpa.
$TTL	2d

@	IN	SOA	ns1.isp.sam.	hostmaster.isp.sam. (
	2010110300	; serial number
	3h		; refresh
	15m		; retry
	1w		; expire
	2d		; minimum TTL
)

@	IN	NS	ns1.isp.sam.

1	IN	PTR	gateway.isp.sam.
10	IN	PTR	dns1.isp.sam.
15	IN	PTR	mail.isp.sam.
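
The forward zone gives gateway three addresses but this chapter only writes reverse zones for 172.16.151 and 172.16.152, so a forward/reverse consistency pass is worth running before loading the zones. The following is an added example, not code from the chapter: a small Python script with the chapter's A and PTR records embedded as constructed input that reports A records with no PTR naming them back and PTRs whose target has no A record at that address. Its parser is a hypothetical minimal one (handles $ORIGIN, ';' comments, '@' and relative owner names, IPv4 in-addr.arpa only), not BIND's.

```python
from ipaddress import ip_address

# A and PTR records copied from this chapter's zone files (constructed inline so the check runs offline; SOA/NS/MX lines omitted).
FORWARD = """$ORIGIN isp.sam.
gateway IN A 172.16.152.1   ; comments are stripped as BIND does
dns1    IN A 172.16.152.10
mail    IN A 172.16.152.15
gateway IN A 172.16.151.1
ns1     IN A 172.16.151.10
gateway IN A 172.16.150.100
"""
REVERSE = ["""$ORIGIN 151.16.172.in-addr.arpa.
1  IN PTR gateway.isp.sam.
10 IN PTR ns1.isp.sam.
""", """$ORIGIN 152.16.172.in-addr.arpa.
1  IN PTR gateway.isp.sam.
10 IN PTR dns1.isp.sam.
15 IN PTR mail.isp.sam.
"""]

def parse_records(text):
    """Yield (owner_fqdn, rtype, rdata) for A/PTR lines. Hypothetical minimal parser: $ORIGIN, comments, '@'/relative owners only."""
    origin = ""
    for line in text.splitlines():
        tok = line.split(";", 1)[0].split()
        if not tok or tok[0].startswith("$"):
            if tok and tok[0] == "$ORIGIN":  # a relative $ORIGIN (no trailing dot) is appended to the current one
                origin = tok[1] if tok[1].endswith(".") else f"{tok[1]}.{origin}"
            continue
        owner, rtype, rdata = tok[0], tok[-2], tok[-1]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        if rtype in ("A", "PTR"):
            yield owner, rtype, rdata

def ptr_to_ip(rev):
    """'1.152.16.172.in-addr.arpa.' -> '172.16.152.1' (IPv4 only)"""
    return ".".join(reversed(rev[:-len(".in-addr.arpa.")].split(".")))

def check_consistency(forward, reverses):
    """Return (missing, mismatched): A records with no PTR naming them back,
    and PTRs whose target has no A record at that address."""
    a_recs = {(n, ip) for n, t, ip in parse_records(forward) if t == "A"}
    ptrs = {n: tgt for txt in reverses for n, t, tgt in parse_records(txt) if t == "PTR"}
    missing = sorted((n, ip) for n, ip in a_recs if ptrs.get(ip_address(ip).reverse_pointer + ".") != n)
    mismatched = sorted((rev, tgt) for rev, tgt in ptrs.items() if (tgt, ptr_to_ip(rev)) not in a_recs)
    return missing, mismatched
```

Against the real files, read /var/named/isp.sam and the .rev files in place of the inline strings; named-checkzone still does the syntax check, this only covers forward/reverse agreement.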

Also, edit /etc/named.conf. Change the listen-on to the correct IP address. Remove the zones for projreality.sam, and add the following:

zone "isp.sam" IN {
	type master;
	file "isp.sam";
	allow-transfer { none; };
};

zone "151.16.172.in-addr.arpa" IN {
	type master;
	file "172.16.151.rev";
	allow-transfer { none; };
};

zone "152.16.172.in-addr.arpa" IN {
	type master;
	file "172.16.152.rev";
	allow-transfer { none; };
};

Finally, add the delegation and glue record for isp.sam's nameserver to the .sam TLD zone. Go to a.root-servers.sam and edit /var/named/sam, adding the following lines at the end:

$ORIGIN	isp.sam.
@	IN	NS	ns1
ns1	IN	A	172.16.151.10

We'll also make a resolver on the projreality.sam side. Start by cloning dns1-isp-sam.vdi to dns1-projreality-sam.vdi, and create a VM called "dns1.projreality.sam" using the cloned hard disk.

Change Adapter 1 to the internal network "projreality dmz".

Start up the new VM, change the HOSTNAME to dns1.projreality.sam, change the IP address for eth0 to 172.16.211.25 (also update the broadcast address), and change the default gateway to 172.16.211.1.

Also, edit /etc/named.conf: change the IP address in the listen-on line to 172.16.211.25, and change the allow-recursion line to:

        allow-recursion { 172.16.210.0/24; 172.16.211.0/24; 172.16.212.0/24; };

This allows recursive queries from all of projreality.sam's address ranges.

Add dns1.projreality.sam into projreality.sam's zone file by editing /var/named/projreality.sam on the ns1.projreality.sam VM and adding

dns1    IN      A       172.16.211.25

after the line for www.

Finally, edit /etc/resolv.conf and add the following line:

nameserver 172.16.211.25

Now go to the firewall.projreality.sam VM and edit /etc/pf.conf; we'll need to allow the resolver to reach other DNS servers through the firewall. Under the Servers section, add:

dns1 = "172.16.211.25"

At the end of the file, just before the block log quick all line, add:

pass in quick on $DMZ inet proto udp from $dns1 to any port domain
pass out quick on $Ext inet proto udp from $dns1 to any port domain

pass out quick on $DMZ inet proto udp from $DMZ to $dns1 port domain

Note that the last line allows the firewall itself to access the resolver.

Now set the firewall's default nameserver by creating /etc/resolv.conf with the following (refer to Figure 1.3 for the IP address of projreality.sam's nameserver):

nameserver 172.16.211.30