DNS External/Internal Shadow Domains?

Joseph S D Yao jsdy at cospo.osis.gov
Tue Nov 9 19:19:53 UTC 1999


Here is what we do.  Names simplified for illustrative purposes.

Internal name server ns1.dom1.osis.gov serves domain dom1.osis.gov and
forwards all unresolved queries to ns1.osis.gov or ns2.osis.gov.

Internal name server ns1.dom2.osis.gov serves domain dom2.osis.gov and
forwards all unresolved queries to ns1.osis.gov or ns2.osis.gov.

etc.

Internal name server ns1.osis.gov serves domain osis.gov.  It has NS
pointers to the internal domains' servers, but also has forward zones
pointing to them.  It forwards all unresolved queries to fw1.osis.gov,
which has a caching-only name server.

Name server ns2.osis.gov is actually the same as a second firewall,
fw2.osis.gov.  The name server runs on the second firewall, but also
serves domain osis.gov.  It also has NS pointers to the internal
domains' servers, and forward zones pointing to them.  But it does not
have a forwarder for all other unresolved queries, since it can use
normal DNS with the root servers and all other servers on the Internet.

Does this help any?

--
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
      This message is not an official statement of COSPO policies.
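
The layout described in the message above, written out as BIND `named.conf` stanzas for the two osis.gov servers. This is an added example, not the poster's actual configuration. The IP addresses (192.0.2.0/24 documentation range), file names, and the `forward only` and `type slave` choices are assumptions; the listing holds two separate files.

```conf
// ===== File 1: named.conf on ns1.osis.gov (internal) =====
// All addresses below are constructed placeholders.
options {
    directory "/var/named";            // assumed path
    recursion yes;
    // Anything not answered locally goes to the caching-only server on fw1.
    forwarders { 192.0.2.1; };         // fw1.osis.gov (placeholder address)
    forward only;                      // assumption: ns1 has no direct Internet path
};

zone "osis.gov" {
    type master;
    file "db.osis.gov";                // holds the NS records delegating dom1 and dom2
};

// Forward zones override the global forwarder for the internal subdomains,
// so queries for them go to the internal servers and never to fw1.
zone "dom1.osis.gov" {
    type forward;
    forward only;
    forwarders { 192.0.2.11; };        // ns1.dom1.osis.gov (placeholder address)
};
zone "dom2.osis.gov" {
    type forward;
    forward only;
    forwarders { 192.0.2.12; };        // ns1.dom2.osis.gov (placeholder address)
};

// ===== File 2: named.conf on ns2.osis.gov (same host as fw2.osis.gov) =====
options {
    directory "/var/named";            // assumed path
    recursion yes;
    // No global forwarders: this host resolves external names itself
    // through the root servers.
};

zone "." {
    type hint;
    file "named.ca";                   // root hints, assumed file name
};
zone "osis.gov" {
    type slave;                        // assumption: the post only says it "serves" osis.gov
    masters { 192.0.2.2; };            // ns1.osis.gov (placeholder address)
    file "bak.osis.gov";
};
// The dom1.osis.gov and dom2.osis.gov forward zones are identical to File 1.
```

The per-domain servers (ns1.dom1.osis.gov and so on) follow the File 1 pattern: one master zone for their own domain plus global forwarders listing ns1.osis.gov and ns2.osis.gov.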


More information about the bind-users mailing list