Split DNS - Internal W2K and External BIND

Kevin Darcy kcd at daimlerchrysler.com
Thu Mar 7 21:30:27 UTC 2002


The classic DNS AXFR/IXFR replication model requires you to make all changes
to a given zone on the master server.

You are certainly free to put a Win2K AD server in your DMZ so that you can
have "multi-master" functionality, but from a security standpoint, I wouldn't
recommend it.


- Kevin

Jan Alfastsen wrote:

> Hi there.
>
> I have 2 external BIND 8.x.x servers acting as primary and secondary placed
> on my DMZ, i.e. behind the firewall.
> These servers hold about 60 domain names.
>
> Now I have 2 Windows 2000 AD domains on my LAN behind the firewall. Say:
> abc.dk and def.dk
> These domain names are also used externally.
>
> Now I'm tired of maintaining zones both internally and externally.
>
> I want to make a zone transfer from the BIND 8.x.x servers on the DMZ to
> my Windows 2000 AD DNS servers on my LAN.
>
> This works fine, but I'm not able to add extra hostnames to the zones
> located on my W2K servers.
>
> Any ideas how to make a workaround??
>
> Actually we use about 30 of the external domain names internally for
> development.
>
> say:
> www.abc.dk (external)
> mail.abc.dk (external)
> beta.abc.dk (internal)
> test.abc.dk (internal)
>
> How do I solve this???
>
> Best Regards
> Jan Alfastsen, Den Blaa Avis A/S


