How can I split a domain

Jim Reid jim at rfc1035.com
Wed Dec 22 22:09:49 UTC 1999


>>>>> "Craig" == Craig Shrimpton <craigs at os.com> writes:

    Craig> I have a situation that requires running two primary name
    Craig> servers for the same domain.  A public server and a private
    Craig> server.  The issue I have involves hosts on the private
    Craig> network resolving public server records via the private

    Craig> Is there any way I can tell my private server that if it
    Craig> doesn't find an RR for a host in my domain to query the
    Craig> public server next?

No. 

    Craig> I thought I could do it with forwarders but the server
    Craig> doesn't forward queries for domains it has authority over.

Correct. If a server is authoritative for some zone it definitively
knows what resource records exist in the zone. Therefore there's no
reason for it to send queries for names in that zone to some other
name server. There's no logic(?) to tell a name server "if you don't
know about a name in one of your zones, try asking some other name
server for it".

There are a couple of kludges you could try. Perhaps you could use
some sort of metafile to hold all your network data and run this
through something like sed or cpp to create two copies of the zone
file: one for the inside and one for the outside? Another suggestion
would be to create a delegation in the internal zone - say
outside.example.com - for the external copy of the zone. This would
let things on the inside resolve your external names. You could put
CNAMEs in the internal example.com zone file to point at the relevant
resource records in the outside.example.com zone. [You could even use
the same zone file for the external example.com and the internal
outside.example.com zones, though I personally dislike this.] That
would also allow everything inside your net to unambiguously identify
resources on the inside and outside, which might be useful.

For instance on the internal net, lookups of www.example.com take
someone to the internal web server. www-out.example.com could be a
CNAME for www.outside.example.com which takes internal users to the
external web server. Meanwhile anyone on the outside who looks up
www.example.com will see the external DNS for that zone and go to the
external web server provided split DNS has been set up correctly.
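
The metafile suggestion above, sketched with sed as an added example that is not part of the original post. The `I:`/`E:` tag syntax, the host names other than those in the post, and all addresses are assumptions constructed for illustration; the check at the end confirms that no private address ends up in the outside copy.

```shell
#!/bin/sh
# Constructed metafile. Tag syntax is an assumption made for this example:
#   "I:" = inside copy only, "E:" = outside copy only, untagged = both copies.
metafile() {
cat <<'EOF'
$TTL 86400
@ IN SOA ns.example.com. hostmaster.example.com. ( 1999122201 3600 900 604800 86400 )
@ IN NS ns.example.com.
E:ns IN A 192.0.2.53
I:ns IN A 10.0.0.53
E:www IN A 192.0.2.80
I:www IN A 10.0.0.80
I:build IN A 10.0.0.20
I:outside IN NS ns.outside.example.com.
I:ns.outside IN A 192.0.2.53
I:www-out IN CNAME www.outside.example.com.
EOF
}

# make_view inside|outside : write that view's zone file to stdout.
make_view() {
    case "$1" in
        inside)  keep=I; drop=E ;;
        outside) keep=E; drop=I ;;
        *) echo "usage: make_view inside|outside" >&2; return 2 ;;
    esac
    # Delete the other view's lines, then strip this view's tag.
    metafile | sed -e "/^${drop}:/d" -e "s/^${keep}://"
}

# leak_check : return 1 if the outside copy contains an RFC 1918 address.
leak_check() {
    if make_view outside |
        grep -Eq '(^|[[:space:]])(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
    then
        return 1
    fi
    return 0
}

# Refuse to publish the outside copy if an inside address slipped through.
if leak_check; then
    make_view outside
else
    echo "private address found in outside zone; not publishing" >&2
fi
```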

