delegation question: public/private problem
Nate Campi
nate at wired.com
Thu Jan 10 06:29:06 UTC 2002
On Wed, Jan 09, 2002 at 02:57:27PM -0800, robert lojek wrote:
>
> Need to delegate a subdomain "corp.xxxxx.com" in xxxxx.com, but corp
> is private, xxxxx.com is, obviously, public. The DNS server for corp
> is private, too.
>
> What's the "best practice" to get around this? We have some (private)
> machines pointed at our public DNS boxes that need to know about
> private names.
>
<snip>
>
> Should we:
> 1. set up BIND 9 (we're on 8.2x now) and use alternate "views" for
> internal/external?
> 2. have different zone files for the same zone, depending on whether
> the server is public/private?
> 3. not even mention "corp" in public DNS, and point everything & its
> mom that's private at the private DNS box?

Views would certainly be the most elegant solution, not requiring you
to change/reconfigure any clients.

I don't and won't run BIND 9, so I would create the subzone and not
delegate to it in the public DNS. Load up the corp.xxx.com zone on
your internal nameservers, and configure any "caching-only" nameservers
to forward the zone to your internal DNS servers that host the content.

I like number three.

--
Nate Campi | Terra Lycos DNS | WiReD UNIX Operations
Real programmers never work 9 to 5. If any real programmers are around
at 9 am, it's because they were up all night.
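
A sketch of the undelegated-subzone setup described in the reply (option 3), added here as an example and not taken from the original post. It shows three separate named.conf files; the addresses 10.10.0.53 and 10.0.0.0/8, the directory and the zone file name are constructed assumptions.

```conf
// ===== File 1: named.conf on the internal authoritative server =====
// Assumed address of this server: 10.10.0.53 (constructed)
options {
    directory "/var/named";            // assumed path
    allow-query { 10.0.0.0/8; };       // only internal clients may ask
    allow-transfer { none; };          // no zone transfers of private names
};

zone "corp.xxxxx.com" {
    type master;
    file "db.corp.xxxxx.com";          // assumed file name; holds the private records
};

// ===== File 2: named.conf on each internal caching-only nameserver =====
// Private clients point at this server, not at the public DNS boxes.
options {
    directory "/var/named";
    allow-query { 10.0.0.0/8; };
    recursion yes;
};

zone "corp.xxxxx.com" {
    type forward;
    forward only;                      // never fall back to the public tree for this zone
    forwarders { 10.10.0.53; };        // the internal server from File 1
};

// ===== File 3: named.conf on the public xxxxx.com servers =====
// Unchanged: xxxxx.com stays as it is and there is deliberately no
// zone "corp.xxxxx.com" statement here. The public xxxxx.com zone file
// likewise carries no NS, glue or host records for corp, so the private
// names and the private server's address are never published.
zone "xxxxx.com" {
    type master;
    file "db.xxxxx.com";               // assumed file name
};
```

With `forward only`, a failure of the internal server results in a lookup failure rather than a query for private names being sent to outside nameservers.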