Subsidiaries of domain

[Kevin Darcy]

Yen wrote:

> I have a domain, accuride.com, whose DNS is hosted on two servers,
> dns.apolloi.com and dns2.apolloi.com. These servers are available on the
> Internet.
>
> I have servers on my local private network that host DNS for subsidiaries of
> this domain, ie sfs.accuride.com. This seems to work ok except when internal
> clients try to access resources at accuride.com (like www.accuride.com). The
> internal servers try to give the answers but they don't know the answers
> because those answers are on the external servers. The accuride.com only
> exists on my internal servers because it holds the subsidiaries. I have had
> to put some of the hosts at accuride.com into the internal accuride.com zone
> to allow users access.
>
> What am I missing? I would prefer that my DNS servers look on the Internet
> for accuride.com, like they do for every other domain. They should only look
> internally for sfs.accuride.com etc. The internal servers are Windows NT.

Do you care whether Internet users can see that you have internal subzones of
accuride.com, assuming that they cannot actually resolve names in those
subzones? If you don't care about that, then you could make one of those
servers a master for the accuride.com zone, which would include delegations of
the internal subzones, and make the other server or servers slaves of the zone.
Just make sure to restrict query access from the Internet to the internal
subzones, on your external servers.

If this does not meet your requirements, then your only other alternative is to
maintain two different copies of accuride.com; one for external use and one for
internal use. If you go this route, you might be able to make your life a
little easier by hosting both versions of the zone in a single nameserver
instance, differentiated by the "view" feature (assuming you're running
BIND 9), and sharing the common entries via an $INCLUDE file.


- Kevin