"split DNS"

Kevin Darcy kcd at daimlerchrysler.com
Sat Aug 5 01:58:48 UTC 2000


Split DNS, or "split namespace", is discussed in the _DNS_and_BIND_ book, in
the section on DNS and Firewalls.

Basically, all "split DNS" is, is multiple instances of the same zone or
zone(s). One nameserver instance serves one version of the zone, and another
instance serves a different version. Each instance serves a different user
community, usually "external" versus "internal". Usually, the "external"
version of the zone is a "shadow namespace" -- a subset of the internal
version, which contains only those hosts and other resources which are
externally accessible.

The drawbacks with split DNS, as it is implemented today, are that you need to
a) run multiple nameserver instances, and b) maintain duplicates of the
"global" data (data which must be visible to both internal and external
users). The "views" mechanism of BIND 9 eliminates (a), by allowing you to
load different versions of the same zone into a single instance and then serve
them to different sets of users. But you still have to maintain the global
data -- that which must be visible in all views -- in multiple zonefiles,
unless you play some sort of $INCLUDE tricks. Perhaps one day BIND will
provide a way to "cascade" views so that you could just maintain the global
data in a single zonefile. One can only hope...


- Kevin

Vu Pham ( Sivell ) wrote:

> Hi all,
>
> Sorry for my ignorant question. I read some posts in our mailing list about
> "split dns".
> I don't understand its purpose. Could somebody tell me the URL or documents
> about "split dns".
>
> Thanks for your help,
>
> Vu Pham
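The BIND 9 "views" setup and the $INCLUDE trick described in the reply above, as an added example that is not part of the original post. The zone name example.com, the file paths, the ACL name "inside" and all addresses are constructed for illustration; file paths are assumed to be relative to the `directory` set in named.conf's options.

```conf
// ===== named.conf (views are tried in order; the first match wins) =====
acl "inside" { 127.0.0.1; 10.0.0.0/8; };    // constructed internal ranges

view "internal" {
    match-clients { "inside"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "internal/db.example.com";
    };
};

view "external" {
    match-clients { any; };                 // everyone not matched above
    recursion no;                           // authoritative answers only
    zone "example.com" {
        type master;
        file "external/db.example.com";
    };
};

; ===== shared/db.example.com.global (data visible in every view) =====
@       IN  NS  ns1.example.com.
@       IN  MX  10 mail.example.com.
ns1     IN  A   192.0.2.53
mail    IN  A   192.0.2.25
www     IN  A   192.0.2.80

; ===== external/db.example.com (the "shadow namespace") =====
$TTL 86400
@   IN  SOA ns1.example.com. hostmaster.example.com. (
            2000080501 3600 900 604800 86400 )
$INCLUDE shared/db.example.com.global

; ===== internal/db.example.com (global data plus internal-only hosts) =====
$TTL 86400
@   IN  SOA ns1.example.com. hostmaster.example.com. (
            2000080501 3600 900 604800 86400 )
$INCLUDE shared/db.example.com.global
intranet    IN  A   10.1.2.10
build       IN  A   10.1.2.20
```

Each view's zone file keeps its own SOA, so a change to the shared file needs the serial bumped in both zone files before slaves of either view will pick it up. Once any view is defined, every zone statement has to live inside a view.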





