Please advice on making external zone visible on inside.

[Barry Margolin]

In article <c80g8b$ufj$1 at sf1.isc.org>,
 Fredrik Hakansson <fredrik at spamme.younix.se> wrote:

> Hello good people!
> 
> I have a customer with internal root name-servers. Now they need to be
> able to see one of their external DNS zones hosted on their own external
> name servers.
> 
> To complicate this further they use the same zones on the inside as on the
> out side. They have decided to migrate out from dual copies of the
> zone files.
> 
> Lets say they have zone.com on their inside and zone.com on the out side.
> They want to start use foo.zone.com on the out side but also see it from
> the inside. To solve this and without having to double administer i have
> thoughts about delegate from the inside this sub zone foo.zone.com to
> their external name servers. One thing i am scared of is what if for some
> reason the internal name-servers could learn the NS pointers from the
> external zone.com. If this happens chaos will ensure.
>
> Forwarding is not an option since this is a huge company spread globally
> with hundreds of name-servers.
> 
> Have anybody done similar things and have some tips or is there other ways
> of doing this.

You could have the external nameserver move foo.zone.com into a separate 
zone, so that the NS records will match the expectations.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***