Public IPs and nameservers on firewall

Barry Margolin barmar at
Sun Nov 7 05:34:26 UTC 1999

In article <38242744.90DDAE89 at>,
G. Roderick Singleton <gsingleton at> wrote:
>I have a DNS server defined as "slave to master" local to my network.
>Can I put my PRIVATE addresses in this DNS server's zone file and
>achieve the same effect as if I had put them externally.

You can't put them in the zone file on the slave server, since it gets
overwritten whenever the slave performs a zone transfer.  That's why I
later suggested using a subzone for your private entries.

>> >simply create a nameserver for the 192.168.32. hosts (PCs) and then have
>> >this server, in turn, point at the local slave and so on.
>> Another solution would be to put these IP's in a subdomain, and configure
>> your firewall or an internal server as the master server for the
>> subdomain.  If you use an internal server, it can be configured to forward
>> everything else to the firewall.

[Why do I frequently have to edit my own signature out -- can't you do that
yourself when you're replying?]

>I thought of this but put it aside because of "how to bind to port"
>issues that I thought might get in the way. This is where I
>see that we are getting close to having to deal with an internal

I don't know what issues you're talking about.  I was describing the
standard split DNS configuration, which is very common.

Barry Margolin, barmar at
GTE Internetworking, Powered by BBN, Burlington, MA
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list