DNS on Linux Problem
Kevin Darcy
kcd at daimlerchrysler.com
Tue Feb 3 20:11:35 UTC 2004
Roger Ward wrote:
>First, do not use forwarding statements. They will defer all queries as
>you have realized to wherever you forward them to.
>
I'm not sure what that means. Yes, forwarding isn't going to work in
this situation, but that's because BIND nameservers never query for
names that are in their authoritative data.
>Second, set up a third-level domain, and modify the dns search order of
>your internal machines (on Unix machines it is done via
>/etc/resolv.conf... You CAN have multiple search statements like 'search
>internal.domain.com' and 'search domain.com'),
>
You seem to be assuming that the original poster is using unqualified
names, although he didn't say that he was. If one uses only
fully-qualified names, then no searchlist is necessary at all, and DNS
resolution is much more efficient (no time-consuming, resource-wasting
"guesses" by the resolver as to what the domain suffix(es) should be).
>You should never configure a domain on an internal DNS server you want
>to operate from your internal lan.
>
What do you mean by "operate" here? Surely there's no problem with
running internal DNS on an internal DNS server, is there? What if you
have an internal root architecture? What if you're not even connected to
the Internet directly?
>It complicates things... The only
>two ways you could do it are either to configure your ISP's nameservers to
>accept updates from you (highly unlikely, as I have had this request,
>and we cannot do it for our customers), or to use a different domain -
>at least a different sub-domain. Make sure in /etc/named.conf (or in
>whatever include file you have) the 'zone' if you choose to do a
>subdomain, is set correctly (and not set to the original domain).
>
>
Actually I think it's more common for the internal DNS to be a superset
of the external DNS, and maintained in parallel with it.
- Kevin
>-----Original Message-----
>From: tnaves at linkwest.net [mailto:tnaves at linkwest.net]
>Sent: Tuesday, February 03, 2004 11:54 AM
>To: comp-protocols-dns-bind at isc.org
>Subject: DNS on Linux Problem
>
>
>My public dns is done by my ISP. I set up an internal dns server on a
>Redhat Linux ver 9 box. I made the internal domain the same name as the
>public domain name. I can resolve all internal names that are in the
>internal dns database. Via "." hints file, I can resolve all public
>names except my own public names. I presume this is because my internal
>dns server is "authoritative" for my domain and as a result, if the name
>is not in one of its zones, it does not go to the root servers.
>
>I thought if I put a forwarder statement in the named.custom file, this
>is the Linux way of doing it, I could resolve my public names using my
>ISP's dns. This just made it so the internal dns server would not work
>at all. Have I done this incorrectly? Any ideas will be welcome.
>
>Regards,
>
>Tom
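
Added example, not part of the original thread: because an authoritative server never looks elsewhere for names inside its own zone, an internal zone kept as a superset of the public one has to be checked for public names it lacks. The sketch below does that for two constructed zone excerpts; the `example.com.` origin, the record data and the one-record-per-line layout with explicit owner names are all assumptions.

```python
# Added example: list public records that an internal copy of the same zone lacks.
# Both zone excerpts are constructed sample data, not taken from the thread.
EXTERNAL_ZONE = """\
; public view, hosted by the ISP (constructed)
www      3600 IN A     192.0.2.10
mail     3600 IN A     192.0.2.25
@        3600 IN MX    10 mail
ftp      IN CNAME www
"""

INTERNAL_ZONE = """\
; internal view on the LAN nameserver (constructed)
www      IN A     192.0.2.10
fileserv IN A     10.0.0.5
printer  IN A     10.0.0.9
@        IN MX    10 mail
"""

def parse_zone(text, origin):
    """Return {(fqdn, rrtype)} from simplified zone text (explicit owner on every line)."""
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        owner, rest = fields[0], fields[1:]
        idx = 0
        # Skip the optional TTL and class tokens that precede the record type.
        while idx < len(rest) and (rest[idx].isdigit() or rest[idx].upper() == "IN"):
            idx += 1
        if idx >= len(rest):
            continue
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = owner + "." + origin
        records.add((fqdn.lower(), rest[idx].upper()))
    return records

def missing_from_internal(external, internal, origin):
    """Name/type pairs served publicly that the internal zone would answer NXDOMAIN/NODATA for."""
    # Record data is deliberately not compared: internal addresses may differ on purpose.
    return sorted(parse_zone(external, origin) - parse_zone(internal, origin))

if __name__ == "__main__":
    for fqdn, rrtype in missing_from_internal(EXTERNAL_ZONE, INTERNAL_ZONE, "example.com."):
        print(f"missing internally: {fqdn} {rrtype}")
```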