Views and forwarding (Bind 9.1.2)

Kevin Darcy kcd at daimlerchrysler.com
Thu May 31 20:55:50 UTC 2001


You would let people connect the same machine to the Internet *and* directly to your
internal network (albeit not at the same time)? I guess you don't care about security
very much. Those portables could easily get trojaned or virus-infected while on the
Internet. I wouldn't trust them on an internal network.

Nevertheless, it should be technically possible for any ISP that uses DHCP to provide
DNS servers as a DHCP option (IIRC option 81 (?)). Also, you didn't say what OS these
platforms were running, but isn't it possible on more recent flavors of Wintel to
specify different sets of DNS servers for different network connections?


- Kevin

Nico De Ranter wrote:

> Howdy,
>
> we have a split-brain DNS setup whereby the externally available
> DNS information is completely different from the internal information
> (we use unrouteable addresses internally).  We have 2 DNS servers
> available for the Internet, say (e1, e2) and 2 for the internal network, say (i1,i2).
> Unfortunately there are a number of portables that need to be
> able to connect internally using DNS servers i1 and i2 but they
> also need to be able to connect to the Internet when outside the
> company (using either e1 and e2 or the DNS servers provided by the
> ISP).  It is trivial to supply the internal DNS servers through DHCP
> when they are connected directly however as far as I know DNS servers
> are not supplied automatically when connecting to the Internet through
> a modem.  Needless to say my users don't like having to change DNS
> servers every time they log in from a different place.
>
> I'm trying to solve this by using views on e1 and e2 so the portable
> users will get the correct information depending on whether they connect
> from inside our network or from the Internet.  However, 1) I want to keep
> the authoritative info for the internal network on i1 and 2) we have a large
> number of internal networks (growing every day) and I don't want
> to create a "zone" statement for every one of those networks containing
> only a "forwarders" statement.  Is there any way to convince e1/e2 that
> *all* queries coming from inside our network should simply be forwarded
> to i1/i2?  Or is there another simpler way to do this (I do not believe
> the combination split-brain DNS / roaming portables is a unique
> situation :-)
>
> Thanks in advance,
>
> Nico
>
> ---------------------------------------------------------
>  "It has been said that there are only two businesses that
>   refer to customers as users: illegal drug trade and
>                the computer industry."
> ---------------------------------------------------------
> Nico De Ranter
> Sony Service Center (SDCE/NEE-B)
> Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
> 1130 Brussel (Bruxelles), Belgium, Europe, Earth
> Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
> e-mail: nico.deranter at sonycom.com
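
The setup asked about in the quoted message (forward everything from internal clients to i1/i2 without one "zone" statement per network) can be sketched with view-level forwarding in BIND 9. This is an added example, not configuration from either poster: all addresses, the ACL name, the zone name and the file path are constructed placeholders, and it assumes the running BIND version accepts `forwarders` and `forward` inside a `view`.

```conf
// named.conf fragment for e1/e2 (constructed example; all values are placeholders)

acl internal-nets {
    10.0.0.0/8;          // assumed internal, unroutable ranges
    172.16.0.0/12;
    192.168.0.0/16;
};

// Views are tried in order, so the internal view must come first.
view "internal" {
    match-clients { internal-nets; };
    recursion yes;

    // Every query from an internal client goes to i1/i2, which stay
    // authoritative for the internal data. "forward only" means e1/e2
    // never fall back to resolving these queries on the Internet.
    forwarders { 10.0.0.53; 10.0.1.53; };   // i1, i2 (placeholder addresses)
    forward only;
};

view "external" {
    match-clients { any; };

    // Authoritative answers only: no open recursion for Internet clients.
    // Portables outside the company then rely on the ISP's resolvers for
    // names that e1/e2 do not serve.
    recursion no;

    zone "example.com" {                    // placeholder external zone
        type master;
        file "external/example.com.db";     // placeholder path
    };
};
```

Because `match-clients` selects the view by source address alone, the border in front of e1/e2 should drop Internet packets that claim an internal source address. Once any view is defined, every zone has to live inside a view.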




