Subsidiaries of domain

Kevin Darcy kcd at
Tue Jan 14 21:59:14 UTC 2003

Yen wrote:

> I have a domain,, whose DNS is hosted on two servers,
> and These servers are available on the
> Internet.
> I have servers on my local private network that host DNS for subsidiaries of
> this domain, i.e. This seems to work OK except when internal
> clients try to access resources at (like The
> internal servers try to give the answers but they don't know the answers
> because those answers are on the external servers. The only
> exists on my internal servers because it holds the subsidiaries. I have had
> to put some of the hosts at into the internal zone
> to allow users access.
> What am I missing? I would prefer that my DNS servers look on the Internet
> for, like they do for every other domain. They should only look
> internally for etc. The internal servers are Windows NT.

Do you care whether Internet users can see that you have internal subzones of, assuming that they cannot actually resolve names in those
subzones? If you don't care about that, then you could make one of those
servers a master for the zone, which would include delegations of
the internal subzones, and make the other server or servers slaves of the zone.
Just make sure to restrict query access from the Internet to the internal
subzones, on your external servers.

If this does not meet your requirements, then your only other alternative is to
maintain two different copies of; one for external use and one for
internal use. If you go this route, you might be able to make your life a
little easier by hosting both versions of the zone in a single nameserver
instance, differentiated by the "view" feature (assuming you're running
BIND 9), and sharing the common entries via an $INCLUDE file.

- Kevin
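
A sketch of the two-view layout suggested in the reply above, added here as an example and not part of the original message. The names in the post are not shown, so `example.com`, the `sub` subzone, the addresses, serial number and file paths are all placeholders.

```conf
// named.conf sketch (BIND 9). example.com, "sub", addresses and paths are placeholders.
acl "internal-nets" { 127.0.0.1; 10.0.0.0/8; 192.168.0.0/16; };

options {
    directory "/var/named";
};

// Once any view is defined, every zone must live inside a view.
// Views are tried in order, so the internal view comes first.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;                      // internal clients resolve Internet names here
    zone "example.com" {
        type master;
        file "internal/db.example.com"; // shared records plus subzone delegations
    };
};

view "external" {
    match-clients { any; };
    recursion no;                       // authoritative answers only for Internet clients
    zone "example.com" {
        type master;
        file "external/db.example.com"; // shared records only, no internal delegations
    };
};

/* Zone files (each is a separate file under /var/named; shown as a comment)

   shared/example.com.common    ; records that both views serve
       www   IN A   192.0.2.10
       mail  IN A   192.0.2.25
       @     IN MX  10 mail

   external/db.example.com
       $TTL 86400
       @    IN SOA ns1.example.com. hostmaster.example.com. ( 2003011401 3600 900 604800 86400 )
            IN NS  ns1.example.com.
            IN NS  ns2.example.com.
       ns1  IN A   192.0.2.53
       ns2  IN A   192.0.2.54
       $INCLUDE shared/example.com.common

   internal/db.example.com      ; same $TTL/SOA/NS/glue header as the external file, then:
       $INCLUDE shared/example.com.common
       sub         IN NS  intdns.sub.example.com.  ; delegation to the internal DNS server
       intdns.sub  IN A   10.1.1.53                ; glue for that delegation
*/
```

Because the delegation and glue records exist only in the internal file, a client matched by the external view cannot learn the subzone names or the internal server's address from this nameserver.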

