README
This directory contains example data (with DNS views) to load
into a fresh Netmagis installation. There are two main objectives:
    - show how to import your own data
    - quickly get a running Netmagis installation in order to
      test the software

Data are loaded through the "run-all.sh" script, which you can copy
and adapt to suit your own needs. See the installation documentation
at http://netmagis.org

Furthermore, these data are used during the development stages to
test the software.

This document explains the scenario used in this example.

- The company (Example Corporation) has an RFC 1918 network
  (172.16.0.0/16) and a DMZ (198.51.100.0/24 and 2001:db8:1234::/64)
  where some public servers are located.
- Example Corp has organized a non-commercial event, which needs a
  dedicated website (www.example.org)

- from a network management point of view, some users can use Netmagis
  (see networks.txt and group.txt):
    - network engineers (members of the wheel group) are allowed
      to administer the application itself, and have extended
      rights on all networks
    - support staff (members of the staff group) are allowed to
      manage internal hosts

- from a DNS point of view (see view.txt, domain.txt and zones/* files):
    - the "external" DNS view shows some hosts in example.com and
      example.org (with IPv4 and IPv6 addresses). This view is
      accessed only by the wheel group members
      This view implies zone generation for:
          example.com
          example.org
          100.51.198.in-addr.arpa
          4.3.2.1.8.b.d.0.1.0.0.2.ip6.arpa
      The zone below is not generated for this view, since its data
      are private:
          16.172.in-addr.arpa
    - the "internal" DNS view shows all internal hosts as well
      as hosts located on the DMZ (i.e. external view), with
      one exception (see below)
      This view implies zone generation for:
          example.com
          16.172.in-addr.arpa
          100.51.198.in-addr.arpa
      The zones below are not generated for this view, since they do
      not differ from the external view and their RRs can thus be
      resolved by the public name server (with the external zones):
          example.org
          4.3.2.1.8.b.d.0.1.0.0.2.ip6.arpa
    - for historical (i.e. bad) reasons, one server located on the
      internal network needs to be reachable from the Internet
      with a public (NAT) address. Therefore, this server has
      a different IP address in the external and internal views

- from a mail point of view (see mailrelay.txt and mailrole.txt):
    - all mail traffic is routed through mx[12].example.com
    - internal mail routing accepts mail to:
          sales.example.com
      and mail is redirected to mailhost.example.com located
      in the internal network. Consequently, an MX must be
      published in the external view, and the associated mail
      relay is known only in the internal view
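
The check below is an added example, not part of the Netmagis distribution:
it tests the view rules of this scenario (no RFC 1918 address in the external
view, reverse zones needed per view, names that differ between views).
Assumptions: the (view, name, address) tuples are a constructed layout, not a
Netmagis file format, and every host name except www.example.org is made up.

```python
import ipaddress

# Reverse zones and private network named in this README.
REVERSE_ZONES = ["16.172.in-addr.arpa", "100.51.198.in-addr.arpa",
                 "4.3.2.1.8.b.d.0.1.0.0.2.ip6.arpa"]
PRIVATE_NET = ipaddress.ip_network("172.16.0.0/16")

# Constructed sample records (view, name, address); host addresses are made up.
RECORDS = [
    ("external", "www.example.org", "2001:db8:1234::80"),
    ("external", "www.example.com", "198.51.100.80"),
    ("external", "natsrv.example.com", "198.51.100.25"),  # public (NAT) address
    ("internal", "www.example.com", "198.51.100.80"),
    ("internal", "natsrv.example.com", "172.16.1.25"),    # internal address
    ("internal", "pc1.example.com", "172.16.2.10"),
    ("external", "pc2.example.com", "172.16.2.11"),       # mistake: wrong view
]

def reverse_zone(addr):
    """Return the README reverse zone holding the PTR for addr, or None."""
    ptr = ipaddress.ip_address(addr).reverse_pointer
    return next((z for z in REVERSE_ZONES if ptr.endswith("." + z)), None)

def zones_needed(records, view):
    """Reverse zones that would have to be generated for a view."""
    return {reverse_zone(a) for v, _, a in records if v == view} - {None}

def private_leaks(records, view="external"):
    """Records in `view` whose address lies in the RFC 1918 network."""
    return [(n, a) for v, n, a in records
            if v == view and ipaddress.ip_address(a) in PRIVATE_NET]

def differing_names(records):
    """Names present in both views with different address sets."""
    by_name = {}
    for v, n, a in records:
        by_name.setdefault(n, {}).setdefault(v, set()).add(a)
    return sorted(n for n, views in by_name.items()
                  if len(views) == 2 and views["external"] != views["internal"])

if __name__ == "__main__":
    print("external leaks:", private_leaks(RECORDS))
    print("external reverse zones:", sorted(zones_needed(RECORDS, "external")))
    print("names differing between views:", differing_names(RECORDS))
```

A non-empty result from private_leaks() means the external view would publish
internal addressing and would require generating 16.172.in-addr.arpa there.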