PUBLIC AND PRIVATE HOSTS

Jim Reid jim at rfc1035.com
Thu Dec 14 10:19:00 UTC 2000


>>>>> "Saqib" == Saqib Mustafa <smustafa at Pakistan.NCR.COM> writes:

    Saqib> How do I hide some hosts, which are private, and show the
    Saqib> others which are public. I do not want to do this with
    Saqib> allow-query.

Use split DNS. Have one version of your zone(s) containing the public
data and another containing the private data. Put these on separate
servers. Make sure the public version of the zone(s) is only visible
to the outside world. The private version is put on an internal name
server that's only reachable by your internal users. This is quite
common, especially on large corporate nets. Sometimes these are forced
to implement split DNS because the private name space uses addresses
like RFC1918 nets that cannot be reached from the internet.

The views mechanism in BIND9 provides another way to implement split
DNS. One name server can provide different views of the same zone. IP
addresses are associated with each view. This means that queries
coming from addresses you decide are external could be presented with
the external view of your zone that contains the public DNS
data. Meanwhile queries from addresses that are considered local get
to see another view of the zone containing your private DNS data. 
Information on how to set this up is in the BIND9 Administrator's
Reference Manual.
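
The views arrangement described in the reply above could look like the following named.conf fragment. This is an added example, not part of the original post or of the BIND documentation; the zone name example.com, the ACL name, the address ranges and the file paths are all assumptions.

```conf
// Constructed example: zone name, ACL name, networks and file paths
// are assumptions chosen for illustration.

// Clients treated as local: loopback plus the RFC1918 ranges.
acl "internal" {
    127.0.0.1;
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;
};

options {
    directory "/var/named";
};

// Views are evaluated in the order they appear and the first one whose
// match-clients list matches the query source is used, so the
// restrictive internal view has to come before the catch-all.
// Once any view is defined, every zone must live inside a view.
view "internal" {
    match-clients { "internal"; };
    recursion yes;                        // local users may resolve anything

    zone "example.com" {
        type master;
        file "internal/example.com.db";   // public and private hosts
    };
};

view "external" {
    match-clients { any; };               // everyone not matched above
    recursion no;                         // authoritative answers only

    zone "example.com" {
        type master;
        file "external/example.com.db";   // public hosts only
    };
};
```

Running named-checkconf against the file catches syntax errors before a reload. Querying a private name from an address in each view confirms that only internal clients receive an answer for it.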


