Hostname in one domain, IP address in another?

Barry Margolin barmar at
Thu Mar 16 15:29:30 UTC 2000

In article <174C54366205D211A2F900A0C9C83B3203CBAC9B at>,
Stewart.Ann <Ann_Stewart at> wrote:
>Our domain is <> .   We are NOT a subnet of
>the main California domain, <>   We have a host in

Since there's no relationship between the forward DNS hierarchy and
subnets, this doesn't matter.  Any name in any domain can point to any
address in any network.

>the domain whose name is

This sentence makes no sense.  The name is in the domain, not the domain.  I think you mean you have
a host on your subnet whose name is -- remember, there's
no correspondence between forward domains and subnets.

>< >   There is a link to this host from the CA main
>page, <> .  The link points to
><> .  Browsers using this link are first directed to
>the DNS servers, where <>  is
>tied to the correct IP address and the resolution is fast.  So everything is
>hunky-dory for people outside our firewall who click on the link from the CA
>home page.  However, inside the firewall, it takes an entire minute for the
>page to load, and it ends up, of course, with the FQDN of
> <> .  The
>one-minute wait is annoying for people higher up who make a lot more money
>than I do.  They want it to resolve NOW.  I tried calling the host just
>"taxes" so that after resolution (internal) its name would be
>, and that works fine internally: all they have to do is
>type "taxes" in the browser.  But the well paid higher-up person wants to be
>able to give demos, inside the firewall, showing how EZ it is to get to our
>tax site by clicking on the CA home page link, and doesn't want to type
>"taxes" in the browser address line.  Here's my question:  Is there a way to
>set it up in our DNS database so it can be called
><>  and have it resolve immediately?

You must have split DNS set up behind your firewall, and apparently there's
a problem with how it accesses the rest of the hierarchy.  But
without more information about your internal DNS and firewall
configurations, it's impossible to determine what's wrong.

Try turning on tracing on your internal server and see what happens when
someone tries to look up

Barry Margolin, barmar at
GTE Internetworking, Powered by BBN, Burlington, MA
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list