OT: Separate sub zone or two copies of the same zone

Stanley Liu stanley.liu at tmca.com.au
Thu Aug 17 23:07:06 UTC 2000


Kevin Darcy wrote:

> Stanley Liu wrote:
>
> > Just want some opinions from the group:  let's say mydomain.com is a
> > domain we owned.  Internet DNS (say ns1) has only minimal information on
> > it - basically just MX records.  This domain is also used internally in
> > our Intranet and we have our own separate Intranet DNS (say ns2).  Some
> > of our Business Partners also have access to our Intranet and they are
> > configured as slave to ns2 for our zone over private network.
> > Everything works fine until we want to put some servers on the Internet
> > under the domain name partner.mydomain.com.  All hosts on this sub
> > domain will be accessible/resolvable to Internet and Intranet.  There
> > are two options we are considering:
> >
> > 1.  Separate sub zone - Create a sub zone partner.mydomain.com and host
> > it on ns1.  Let ns2 be slave to ns1 for this zone.  The upside is that
> > we have one copy of zone partner.mydomain.com to maintain.  The down
> > side is that all current business partners slave to ns2 for mydomain.com
> > will need to add another slave zone of partner.mydomain.com.
> >
> > 2.  Two copies of the same zone - Maintain two different copies
> > (mydomain.com or partner.mydomain.com) on ns1 and ns2.  The upside is
> > that there will be no roll-out issue.  The down side is obviously to
> > have to maintain two copies of the same zone.
> >
> > Which option is better?  Is there a third option?  Any comments would
> > be appreciated.
>
> Bear in mind that with option #1, only the business partners who are unable
> to resolve Internet names would need to add a new slave definition. If a
> business partner can resolve Internet names, then it should be able to
> resolve the partner.mydomain.com names without any special help.

For those business partners who are slaving ns2 (our Intranet DNS) for
mydomain.com and want to resolve www.partner.mydomain.com, because their DNS
is authoritative over mydomain.com (slave to zone), my understanding is that
they will stop at their DNS and will not go to Internet to resolve it.  So they
will have to explicitly slave to the subzone of partner.mydomain.com.  Am I
overlooking something here?

> Another variation on option #1 is to have the business partners convert
> their slave definition to a per-domain forwarding definition, e.g. "type
> forward" zone in BIND -- assuming their nameserver software supports such a
> thing -- which would take care of mydomain.com _and_ partner.mydomain.com
> and any other subdomains you may wish to add in the future. The downsides
> would be a) that they wouldn't have the same redundancy that they would as
> slaves, and b) depending on a variety of factors, forwarding could use more
> resources than slaving (it could just as easily go the other way though!).

Certainly "type forward" zone looks like a third option for me.  However, apart
from the downsides that you've highlighted, two configurations will exist among
the Business Partners - some are "forwarders" and some are "slaves".  That may
add to the support efforts required ... hmmm, on second thoughts, there
shouldn't be any extra support efforts, right?

Thanks for your comments.

--
Stanley Liu
stanley.liu at tmca.com.au
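
The two partner-side configurations discussed in this thread, as an added named.conf sketch that is not part of the original messages. The address 192.0.2.53 for ns2 and the file paths are placeholders, and it is assumed that ns2 can answer for partner.mydomain.com (for example because it slaves that zone from ns1, as in option 1).

```conf
// Partner nameserver, variant A: slave both zones from ns2.
// The concern raised in the thread: a server that is authoritative for
// mydomain.com answers names under it from its own copy of the zone, so
// the new subzone gets its own explicit slave definition.
zone "mydomain.com" {
    type slave;
    masters { 192.0.2.53; };               // ns2 (placeholder address)
    file "slave/mydomain.com.db";          // hypothetical path
};

zone "partner.mydomain.com" {
    type slave;
    masters { 192.0.2.53; };               // ns2 (placeholder address)
    file "slave/partner.mydomain.com.db";  // hypothetical path
};

// Variant B: remove both definitions above and use one forward zone.
// Queries for mydomain.com and every name below it, including
// partner.mydomain.com and any subdomain added later, are sent to ns2.
// "forward only" means the server does not fall back to resolving the
// name itself if ns2 does not answer, which is the redundancy trade-off
// mentioned in the thread.
/*
zone "mydomain.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };            // ns2 (placeholder address)
};
*/
```

Only one of the two variants can be active, since a nameserver cannot define mydomain.com both as a slave zone and as a forward zone in the same view.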