Split DNS Forward problem
Kevin Darcy
kcd at daimlerchrysler.com
Tue Nov 23 00:08:21 UTC 2004
David Botham wrote:
>bind-users-bounce at isc.org wrote on 11/22/2004 02:03:57 PM:
>
>>Our company has been taken over by a larger company. Now I've to configure
>>our DNS so that it resolves the domain names from the company that has taken us
>>over. Problem is that they are using a split DNS system.
>>So I can make for example a forward zone in my DNS and point that to the
>>internal nameserver. But then the external hostnames aren't resolvable.
>
>The premise behind a split DNS is that the internal clients do not need
>the "external" information. In other words, you are treated as either
>"inside" the network or "outside" the network, not both. You can be sure
>that internal clients at the larger company do not resolve names from the
>external zones. If you are now "part of their network" you should be able
>to survive with the same view of the name space as they do.
>
That may not be a feasible short- to medium-term solution. The larger
corp may have a particular web-proxy architecture configured at each
local site and/or into all of their clients' configs, which removes the
need to be able to resolve Internet names from the inside, and it may
not be reasonable to assume that the smaller corp can simply jump on
that bandwagon on short notice. Believe me, I speak *directly* from
experience here.

As an interim measure, it might be possible for the smaller corp to
configure per-domain forwarding, slave zones or (in most cases
preferably) stub zones for the apex of each internal namespace of the
larger corp they want to see (hopefully there aren't too many distinct
namespaces used internally). Both corps should, in the longer term,
however, work together on a common web-proxy and DNS architecture.
Different business units doing such things following different paradigms
tends to lead to a lot of chaos and frustration for everyone concerned,
including the end users.
- Kevin
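
The three interim options named in the reply above, sketched as a named.conf fragment for the smaller company's resolver. This is an added illustration, not part of the original message; the zone names, file paths and 192.0.2.x addresses are placeholders for the larger company's internal namespaces and internal name servers, and any one zone name takes only one of the three forms.

```conf
// Constructed example: every name, path and address below is a placeholder.

// Option 1: per-domain forwarding. Queries under this apex are sent to the
// internal servers, which must answer recursive queries from this host.
// All other names keep resolving the way they did before.
zone "corp.example" {
    type forward;
    forward only;                  // no fallback to Internet resolution, so
                                   // internal names are not sent outside
    forwarders { 192.0.2.10; 192.0.2.11; };
};

// Option 2: stub zone. Only the apex NS records (and their addresses) are
// copied; this resolver then queries the internal authoritative servers
// itself and follows any changes to the NS set automatically.
zone "intranet.example" {
    type stub;
    masters { 192.0.2.10; 192.0.2.11; };
    file "stub/intranet.example";
    forwarders { };                // needed only when options {} sets global
                                   // forwarders: turns forwarding off here
};

// Option 3: slave zone. The whole zone is copied by zone transfer, so the
// internal servers must permit transfers to this host, and the full
// internal zone content is then stored on this server.
zone "plant.example" {
    type slave;
    masters { 192.0.2.10; };
    file "slave/plant.example";
};
```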