BIND 9.1, Views, and Zone Transfers

Jim Reid jim at rfc1035.com
Mon Feb 5 13:58:27 UTC 2001


>>>>> "Matthew" == Matthew Thompson <matthewt at fairplay.co.uk> writes:

    > If you're using internal and external views, why would you want
    > to put the internal one on an external name server?

    Matthew> I can give you my reasoning. I have an internal NS and an
    Matthew> external NS along with a slave for the internal NS.

Fine. This is a good thing. But it's not the same as running split DNS
(with or without views).

    Matthew> The External NS is not hugely loaded but handles ALL
    Matthew> traffic that the internal nameservers can't answer
    Matthew> directly. We use a firewall with a protected DMZ to host
    Matthew> our external name server and all external services - by
    Matthew> using a view on this server I would hope to cut down on
    Matthew> the duplication of queries and enable a faster more
    Matthew> reliable service (The primary Internal NS is not as
    Matthew> stable a box as the External NS)

In this scenario, views will make no difference to the number of
queries your name server on the firewall gets. That's a function of
the RTT to each of the NS records your zone has. As a general rule,
the faster responding servers get more of the queries. If you want to
reduce the queries on the firewall name server - why bother? - make it
a stealth master for the external version of your zone(s), i.e. it's not
listed in the NS records for those zones so other name servers can't
find it to query it.
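
The stealth-master arrangement described above, sketched as a BIND 9 configuration. This is an added example, not part of the original message: the zone name example.com, the file paths, the acl name and all addresses (RFC 5737 documentation ranges) are constructed placeholders, and pointing the SOA MNAME at a published slave is an extra assumption.

```bind
// Constructed example: example.com, the file paths and the 192.0.2.0/24,
// 198.51.100.0/24 and 203.0.113.0/24 addresses are placeholders.

// --- named.conf on the stealth master (the name server in the DMZ) ---
acl "public-slaves" { 192.0.2.53; 198.51.100.53; };

view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "external/example.com.db";
        // Only the published slaves may transfer the zone.
        allow-transfer { "public-slaves"; };
        // Default NOTIFY goes to the servers in the NS records except the
        // one named in SOA MNAME; also-notify makes sure ns1 is covered too.
        also-notify { 192.0.2.53; 198.51.100.53; };
    };
};

/* --- external/example.com.db on the stealth master ---
$TTL 86400
@   IN SOA ns1.example.com. hostmaster.example.com. (
           2001020501 3600 900 604800 86400 )
    IN NS  ns1.example.com.
    IN NS  ns2.example.com.
ns1 IN A   192.0.2.53
ns2 IN A   198.51.100.53

   The master (203.0.113.10) has no NS record and is not the SOA MNAME,
   so the zone data gives other name servers nothing that leads to it.
*/

// --- named.conf on each published slave (ns1, ns2) ---
zone "example.com" {
    type slave;
    file "slaves/example.com.db";
    masters { 203.0.113.10; };      // the stealth master
    allow-transfer { none; };       // slaves do not re-serve transfers
};
```

The parent zone's delegation must list the same NS set (ns1 and ns2 only); a firewall rule limiting port 53 on the master to the two slaves keeps it unreachable even if its address becomes known.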


