Newbie DNS Questions

Danny Mayer mayer at gis.net
Tue Sep 25 18:22:19 UTC 2001


         I would strongly suggest that you go out and buy Cricket Liu's
DNS and BIND, 4th edition (not the 3rd) and read that.  It should answer
most of your questions.

With BIND 9 now available you can use "views" instead of split DNS.

This is a fairly normal situation for many companies, so this is almost a
"standard" configuration.

         Danny
At 12:53 PM 9/25/01, John wrote:

>This is not really a BIND question, but figured this would be a good
>place to ask.
>
>I am an application developer and I have been asked to comment about
>how DNS should be set up. My questions may seem basic or my opinions
>completely wrong, but please bear with me as I learn.
>
>Previously local host files were used for all internal naming. So
>using DNS is fairly new to all parties involved.
>
>The situation is as follows. The main company located in the US has a
>.com domain registered. A subsidiary company located in Canada has a
>.ca domain registered. Both need to get to each other's
>internal (fred.maincompany.com, mojo.subsidiary.ca, etc.) and external
>machines (www.maincompany.com, www.subsidiary.ca, etc.).
>
>Split DNS will be used to keep the internal machine names from being
>resolved by the outside world.
>
>The network folks doing the DNS setup have not been able to answer
>some of my, and others', questions so I wanted to get input from some
>experts.
>
>Regarding split DNS in general I assume that all of the information in
>the external DNS servers will need to be duplicated on the internal
>servers so that the internal users need only query the internal DNS
>server to get to the external machines such as the internet web/ftp
>servers. Is this correct?
>
>Because of the distant geographical locations of the two sites I would
>think that each site should have their own master and slave DNS
>servers, and these should be identical at each site. My reasoning here
>is to reduce/eliminate DNS traffic on the pipe between the two
>locations. Is this reasonable? Are there any problems with this,
>beyond keeping them in sync?
>
>Another issue is should all the machines be in subdomains of only one
>domain to avoid user confusion. By this I mean instead of using
>mojo.subsidiary.ca we would use mojo.canada.maincompany.com. The
>network folks in charge of the DNS setup say this can't be done using
>the .com or .ca and still allow resolution of the external names such
>as web, ftp, etc. Their solution is to use a bogus domain for all
>internal names, i.e. mojo.canada.maincompany.corp. This sounds to me
>like they just don't know how to set things up to have .com names for
>both internal and external use. Am I wrong about this?
>
>They have also stated that using .corp is inherently more secure.
>Other than the domain not resolving for the rest of the world I don't
>see how. Any comments on this?
>
>Thanks in advance for your comments. 
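
The BIND 9 "views" approach mentioned in the reply, shown as an added example that is not part of the original thread: one named.conf serving the same .com zone with different data to internal and external clients. The ACL name, address ranges, view names and file paths are assumptions; the zone name is the one used in the question.

```conf
// Added example (not from the thread). Address ranges and file
// paths below are assumed placeholders; adjust to the real network.
acl "internal-nets" {
    127.0.0.1;
    10.0.0.0/8;        // assumed internal range (RFC 1918)
    192.168.0.0/16;    // assumed internal range (RFC 1918)
};

options {
    directory "/var/named";    // assumed working directory
};

// Views are tested in order and the first match wins, so the
// restricted view must come before the catch-all one.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;             // internal clients may resolve Internet names

    // Full zone: internal hosts (fred) plus the public ones (www),
    // so internal users only ever need to ask this server.
    zone "maincompany.com" {
        type master;
        file "internal/maincompany.com.db";
    };
};

view "external" {
    match-clients { any; };
    recursion no;              // authoritative-only for outside clients

    // Public zone: only the names meant to be visible outside
    // (www, ftp, mail). Internal hosts are simply absent here.
    zone "maincompany.com" {
        type master;
        file "external/maincompany.com.db";
    };
};

// Once any view is defined, every zone statement must live inside
// a view; a zone left at the top level is a configuration error.
```

The same pattern applies to the subsidiary's .ca zone, and `named-checkconf` will report a view ordering or syntax mistake before the server is reloaded.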


