Split DNS

Nate Campi nate at wired.com
Tue Feb 19 18:05:14 UTC 2002


On Mon, Feb 18, 2002 at 09:24:46AM -0500, linux at penguinpower.com wrote:
> Is setting up Split DNS basically a waste of time?

No, not if you need it - but you already knew that.

> (too many ways for network info to leak out?)

Information can leak, sure, but do it cleanly and you should have
minimal unwanted side effects. Use BIND 9 and its "views" feature or
tinydns and its "location codes" for a good solution.

Under BIND 8 I still like the idea of a subdomain without delegation
from the authoritative servers for the parent domain. The subdomain is
either loaded as authoritative info or as a "forward zone" (in BIND
parlance) on your internal caches. 

As always - a couple caveats: you have to design it this way from the 
start, or your hosts will have to be moved to the subdomain, and your
caches can't be reachable from the outside or the info isn't private.

The reason I like the subdomain is because it's always clear where the
information really lives. In a complicated world, having records change
depending on where you're asking from can be a tremendous benefit or a
massive headache. You be the judge ;)
-- 
Nate Campi     Job: hostmaster at lycos.com and root at wired.com

You can lead an idiot to knowledge but you cannot make him think. 
You can, however, rectally insert the information, printed on stone
tablets, using a sharpened poker.  
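
The two designs described in the message above, sketched as separate named.conf fragments for comparison. This is an added example, not part of the original post; example.com, corp.example.com, the 10.0.0.0/8 addresses and the file paths are constructed placeholders.

```conf
// Fragment 1: BIND 9 authoritative server, one zone name served from two views.
// Answers depend on the source address of the query.
acl "inside" { 10.0.0.0/8; 127.0.0.1; };

view "internal" {
    match-clients { "inside"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "internal/example.com.zone";    // full internal host list
    };
};

view "external" {
    match-clients { any; };                  // everyone not matched above
    recursion no;
    zone "example.com" {
        type master;
        file "external/example.com.zone";    // public records only
    };
};

// Fragment 2: a separate internal cache, using an undelegated subdomain.
// The public example.com zone carries no NS records for corp.example.com,
// so the data lives in exactly one place and outside resolvers have no
// delegation path to it.
acl "inside" { 10.0.0.0/8; 127.0.0.1; };

options {
    listen-on { 10.0.0.2; 127.0.0.1; };      // no outside-facing address
    allow-query { "inside"; };               // the cache must not answer outsiders
};

zone "corp.example.com" {
    type forward;
    forward only;                            // never fall back to the public tree
    forwarders { 10.0.0.53; };               // internal server holding the zone
};
```

In Fragment 1 the view order matters, because the first view whose match-clients matches the client is the one that answers.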



More information about the bind-users mailing list