Split DNS setup

Jeff Kennedy jkennedy at amcc.com
Wed Apr 19 22:17:09 UTC 2000


OK, no one replied to this, so after much more digging I am asking for
verification and one point of clarification.

As I understand it, I need to run an un-registered primary dns server
inside my firewall with all my hosts listed for internal lookups.  All
of the internal people will query this server first; if not resolved (i.e.
if it's an internet host they're looking for) it will forward the query
to a registered primary on the dmz using the forward statement.  This
server will have a stripped down version of the internal dns table and
will answer internet host queries for internal people (external as well,
I guess).
The server on the Sprint network will be a registered slave of the
registered primary on AT&T.

The above is the setup for which I would like verification.  Following
is what I would like clarification on:

What are the consequences of running 2 primary servers?  Since they are
separated by a firewall I assume that only allowing forwards from the
internal to external will keep the rest of the world from having issues,
but what about these 2 servers in particular?  Is there any other
communication between these 2 that is passed by forwarding?

Thanks.

~JK

Jeff Kennedy wrote:
> 
> Greetings all,
> 
> I don't know if that's even the correct description for what I want
> .....
> 
> My setup is the following:
> 
> 2 ISPs - AT&T and Sprint.  All dns is done in-house (locally).
> 
> One primary dns server on AT&T network (firewall) and one slave internal
> on AT&T
> All servers on Sprint point to primary for dns (so they go across the
> internet for dns lookups and resolution).
> I have only one zone for the domain (both networks are under
> mydomain.com)
> 
> I want to have a slave on Sprint that only broadcasts the servers on
> Sprint.  I have the cricket book, 3rd edition, but am not sure what I'm
> looking for.
> 
> Here is my best guess at the moment:
> 
> I need to set up a slave on the Sprint network and restrict zone
> transfers for this machine on the primary to just the files I want it to
> broadcast.  But if I have only one zone how do I restrict part of a
> zone?  I know this is not the ideal setup but for now I have to deal
> with it.
> 
> Eventually I would like to move the primary server internal and have a
> slave on the dmz and Sprint that only broadcast a limited name space.
> 
> Thanks.
> 
> --
> 
> ===================
> Jeff Kennedy
> UNIX Administrator
> AMCC
> jkennedy at amcc.com

-- 

===================
Jeff Kennedy
UNIX Administrator
AMCC
jkennedy at amcc.com
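The three-server layout described in the message above, written out as BIND named.conf fragments. This is an added illustration, not configuration from the original post or from AMCC; the addresses (10.0.0.53 for the internal master, 192.0.2.53 for the DMZ master, 198.51.100.53 for the Sprint slave) and the file paths are assumed placeholders. Each master loads its own zone file, so the only traffic between the two masters is the forwarded queries and their answers from the internal server to the DMZ server; no zone transfer or NOTIFY passes between them, which is what the firewall rule from inside to DMZ on port 53 has to permit.

```conf
// ---- Internal, un-registered master (inside the firewall, assumed 10.0.0.53) ----
options {
    directory "/var/named";
    // Anything outside the local zone goes to the DMZ master; "forward only"
    // means this server never tries to reach the internet itself, so if the
    // DMZ server is down, internal lookups of internet names fail.
    forward only;
    forwarders { 192.0.2.53; };
    allow-query { 10.0.0.0/8; };   // only internal clients may ask (assumed net)
    allow-transfer { none; };      // nobody pulls the full internal table
};

zone "mydomain.com" {
    type master;
    file "internal/mydomain.com";  // complete internal host list
};

// ---- Registered master on the DMZ (assumed 192.0.2.53) ----
options {
    directory "/var/named";
    allow-query { any; };          // authoritative answers for the world
    // Recursive (forwarded) lookups are served only for the internal master,
    // not for arbitrary internet hosts.
    allow-recursion { 10.0.0.53; };
    allow-transfer { 198.51.100.53; };   // Sprint slave is the only secondary
};

zone "mydomain.com" {
    type master;
    file "external/mydomain.com";  // stripped-down copy: public names only
    also-notify { 198.51.100.53; };
};

// ---- Registered slave on the Sprint network (assumed 198.51.100.53) ----
options {
    directory "/var/named";
    allow-query { any; };
    allow-transfer { none; };
};

zone "mydomain.com" {
    type slave;
    masters { 192.0.2.53; };       // the DMZ master, not the internal one
    file "slave/mydomain.com";
};
```

Because the Sprint slave transfers from the DMZ master, it only ever sees the stripped-down external file; the internal names never leave the inside server. The "allow-query" on the internal master and the "allow-recursion" on the DMZ master are the two settings worth checking with a query from an outside host, since a DMZ server that recurses for anyone becomes an open resolver.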


