delegation question: public/private problem

Nate Campi nate at wired.com
Thu Jan 10 06:29:06 UTC 2002


On Wed, Jan 09, 2002 at 02:57:27PM -0800, robert lojek wrote:
> 
> Need to delegate a subdomain "corp.xxxxx.com" in xxxxx.com, but corp
> is private, xxxxx.com is, obviously, public. The DNS server for corp
> is private, too.
> 
> What's the "best practice" to get around this? We have some (private)
> machines pointed at our public DNS boxes that need to know about
> private names.
>
<snip>
> 
> Should we:
> 1. set up BIND 9 (we're on 8.2x now) and use alternate "views" for
> internal/external?
> 2. have different zone files for the same zone, depending on whether
> the server is public/private?
> 3. not even mention "corp" in public DNS, and point everything & its
> mom that's private at the private DNS box?

Views would certainly be the most elegant solution, not requiring you 
to change/reconfigure any clients.

I don't and won't run BIND 9, so I would create the subzone and not 
delegate to it in the public DNS. Load up the corp.xxx.com zone on 
your internal nameservers, and configure any "caching-only" nameservers
to forward the zone to your internal DNS servers that host the content.

I like number three.
-- 
Nate Campi | Terra Lycos DNS | WiReD UNIX Operations

Real programmers never work 9 to 5. If any real programmers are around
at 9 am, it's because they were up all night. 
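
The layout described in the reply above (the corp zone loaded only on internal servers, caching-only servers forwarding to them, no delegation in public DNS), shown as an added named.conf example that is not part of the original message. The name corp.example.com, the 10.x addresses, the file name and the allow-query/allow-transfer restrictions are assumptions for illustration.

```conf
// Added example (constructed; not from the original thread).
// corp.example.com and all 10.x addresses are placeholders.

// --- Internal authoritative server (10.0.0.53): named.conf ---
acl "internal" { 10.0.0.0/8; 127.0.0.1; };

zone "corp.example.com" {
    type master;
    file "db.corp.example.com";
    allow-query { "internal"; };    // assumption: answer internal clients only
    allow-transfer { 10.0.0.54; };  // assumption: a single internal slave
};

// --- Caching-only server used by the private machines: named.conf ---
options {
    directory "/var/named";
    allow-query { 10.0.0.0/8; 127.0.0.1; };  // assumption: not an open resolver
};

zone "corp.example.com" {
    type forward;
    forward only;   // fail the lookup rather than fall back to public DNS
    forwarders { 10.0.0.53; 10.0.0.54; };
};

// --- Public servers for the parent zone ---
// No NS records for "corp" in the parent zone file and no
// zone "corp.example.com" statement, so nothing under corp is
// visible to outside queries.
```

With `forward only`, a caching server that cannot reach the internal servers returns a failure instead of asking the public servers, so private names are never sent outside.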


