Public / Private zones - assistance please

Bruce Schuck bschuck at
Thu Mar 2 23:09:55 UTC 2000

joseph lang wrote:

> The way I chose to deal with this problem is to run
> two independent DNS servers. Inside includes all the
> internal hosts and any external hosts in my domain.
> The outside DNS only includes internet addressed hosts.

> Both DNS servers are configured as primary and know
> nothing about the other.
> Hosts on the Internet use the outside servers.
> Hosts on the inside network only use the inside servers.
> Inside DNS servers can query DNS root servers through the
> firewall (in your case, NAT router) (UDP/TCP port 53 open).


Thanks for the quick response, but here's my dilemma that I am trying
to solve.  Having 2 servers, where the outside server knows nothing of
the internal network doesn't cut the mustard.

I now have an internet email server.  Call it  It
also happens to be the external DNS server.  But I have two machines
inside the firewall from which users will really get and send their
email.  Call them and  But for
argument's sake, they have IP addresses of and
respectively.  Now these are behind the firewall and therefore I don't
need their names to be advertised to the internet in general, but I
need for the internet email server to be able to look them up for
forwarding mail inside my domain.  

=snippet of /etc/aliases on (internet/public)=
bschuck		bschuck at
user2		user2 at

Since my internal DNS server contains data for the outside hosts, I am
using fetchmail to bring the email in for users who need it. And I
relay all outgoing email through the internet email host. But I would
rather not do it this way, at least I want to not use fetchmail.

Bruce Schuck
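
Added example, not part of the original message or of BIND: a small audit for the two-server layout quoted above, checking that the outside zone carries no RFC 1918 addresses and that every outside record is also present on the inside server. The zone contents, the example.com names and all addresses are constructed placeholders, and the parser assumes simple one-line A records.

```python
import ipaddress

# RFC 1918 private ranges; addresses in these must never appear in the outside zone.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (placeholder names and addresses, not from the post).
INSIDE_ZONE = """\
mail.example.com.   IN A 192.0.2.10   ; internet mail host
www.example.com.    IN A 192.0.2.20
pop1.example.com.   IN A 10.1.1.5     ; internal mail store
pop2.example.com.   IN A 10.1.1.6
"""
OUTSIDE_ZONE = """\
mail.example.com.   IN A 192.0.2.10
www.example.com.    IN A 192.0.2.20
ftp.example.com.    IN A 192.0.2.30   ; never added to the inside zone
pop1.example.com.   IN A 10.1.1.5     ; internal host published by mistake
"""

def parse_a_records(text):
    """Return {owner: {address, ...}} for one-line 'name [ttl] [IN] A addr' records."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comments
        if len(fields) >= 3 and fields[-2].upper() == "A":
            addr = ipaddress.ip_address(fields[-1])
            records.setdefault(fields[0].lower(), set()).add(addr)
    return records

def audit_split_dns(inside_text, outside_text):
    """Return a list of (kind, name, address) findings for the outside zone."""
    inside = parse_a_records(inside_text)
    outside = parse_a_records(outside_text)
    findings = []
    for name in sorted(outside):
        for addr in sorted(outside[name]):
            if any(addr in net for net in RFC1918):
                # Internal address visible to the Internet.
                findings.append(("leak", name, str(addr)))
            elif addr not in inside.get(name, set()):
                # Inside clients only ask the inside server, so it must hold this too.
                findings.append(("missing_inside", name, str(addr)))
    return findings

if __name__ == "__main__":
    for finding in audit_split_dns(INSIDE_ZONE, OUTSIDE_ZONE):
        print(*finding)
```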
