FW: split DNS

Armin Safarians armin.safarians at safeway.com
Wed Jun 26 22:43:17 UTC 2002

I have a general split DNS question.

I have 3 levels of DNS servers.

level1   -   external facing, public
level2   -   DMZ only DNS
level3   -   internal.

Level 1 answers queries from the Internet. The DMZ will only
know about the DMZ servers and the very few internal ones
that the DMZ needs to talk to, and level3 of course is
the internal corporate servers. Today I forward all
unknown queries from level3 to level2 and from level2
to level1. So a yahoo.com lookup from the internal will
travel through level2 and then to level1 and then the
root servers.

I am thinking about changing this to allow level1 to
only answer public queries and the internal to
forward to level2 and then out to the Internet.

Please explain to me if this is a bad practice. I can
only find documentation on 2-tier split DNS, not three.

AMS :-)
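
The layout proposed in the message above, sketched as BIND named.conf fragments for the three servers. This is an added example, not part of the original post; the zone names, file names, ACL name and all addresses are constructed placeholders, and each commented section belongs in that server's own named.conf.

```conf
# --- level1 (external, public) ---------------------------------------
# Authoritative only: serves the public zone and performs no recursion,
# so it is no longer part of the internal lookup path.
options {
    recursion no;
    allow-query { any; };
};
zone "example.com" {                    # placeholder public zone
    type master;
    file "db.example.com.public";
};

# --- level2 (DMZ only) -----------------------------------------------
# Resolves Internet names itself from the root hints, but only for the
# DMZ hosts and the level3 server. Addresses are constructed.
acl "dmz-and-level3" { 192.0.2.0/24; 10.0.0.53; };
options {
    recursion yes;
    allow-query     { "dmz-and-level3"; };
    allow-recursion { "dmz-and-level3"; };
};
zone "." {
    type hint;
    file "named.ca";
};
zone "dmz.example.com" {                # DMZ view of the namespace
    type master;
    file "db.dmz.example.com";
};

# --- level3 (internal) -----------------------------------------------
# Answers its own zones locally; everything else is forwarded to level2
# and never sent to the Internet directly ("forward only").
options {
    recursion yes;
    allow-query { 10.0.0.0/8; };
    forward only;
    forwarders { 192.0.2.53; };         # constructed level2 address
};
zone "corp.example.com" {               # placeholder internal zone
    type master;
    file "db.corp.example.com";
};
```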
