How to Hide Internal Domain from outside world

Kevin Darcy kcd at daimlerchrysler.com
Tue Nov 7 02:35:40 UTC 2000


Saqib Mustafa wrote:

> I want to set up a domain, let's say blah.net, which has a couple of nodes
> visible to the outside world. But other than these nodes I want to hide the
> whole of the domain from the outside world.
>
> Could someone tell me how I would do this?

You can't do this in a single zone. The most common way to accomplish what
you want is "split DNS", i.e. maintaining internal and external versions
of the zone, and then, with BIND 8, running multiple nameserver instances
(which could be on the same machine, if you want, if it has multiple physical
interfaces or you configure virtual interfaces) serving different versions of
the zone, or, with BIND 9, using the "views" feature to serve different
versions of the zone to different clients from a single nameserver instance.

If all of the "hidden" nodes could be moved to different subdomains than the
"visible" ones, or the "visible" ones could be put in their own subdomain(s),
then you could make separate subzones and restrict queries by zone (using
"allow-query"). This would save you from having to run multiple nameserver
instances or "view"s, but would mean longer, more complex names.


- Kevin
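
The BIND 9 "views" arrangement described in the reply above, as an added example that is not part of the original message. The ACL name, address ranges, view names and zone file paths are assumptions chosen for illustration.

```conf
// Constructed example: the ACL name, networks, view names and file
// paths below are assumptions, not values from the original post.
acl "inside" { 127.0.0.1; 10.0.0.0/8; 192.168.0.0/16; };

options {
    directory "/var/named";
};

// Views are tried in the order they appear and the first one whose
// match-clients list matches the querying address is used, so the
// restricted view has to come before the catch-all view.
view "internal" {
    match-clients { "inside"; };
    recursion yes;                       // inside clients may resolve other domains

    zone "blah.net" {
        type master;
        file "internal/blah.net.zone";   // full zone: every host
        allow-transfer { "inside"; };    // full zone never leaves the inside
    };
};

view "external" {
    match-clients { any; };
    recursion no;                        // outsiders get authoritative answers only

    zone "blah.net" {
        type master;
        file "external/blah.net.zone";   // only the publicly visible nodes
        allow-transfer { none; };        // list external secondaries here if any
    };
};
```

Once any `view` statement is present, every `zone` statement must sit inside a view; `named-checkconf` reports an error otherwise.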




