MX record for a delegated zone in a parent?
kcd at daimlerchrysler.com
Fri Jan 21 20:46:23 UTC 2005
Rongsheng Fang wrote:
>We are running BIND 9.3.0 on the name servers (ns1 and ns2) for our
>domain (foo.com). And we have a delegated zone called us.foo.com in ns1
>and ns2's config. The name server for zone us.foo.com is not in the DMZ
>and can only be queried from intranet, which means any records (A, MX,
>etc) for us.foo.com cannot be queried by public. But now we need to make
>MX record for us.foo.com queryable by public while still keeping all the
>other records invisible to public.
>My question is: is this doable? If so, how? (we are not going to put the
>name server for us.foo.com in the DMZ unless obsolutely needed).
You have some hard choices here. Either put that nameserver in the DMZ,
or move to a "split namespace" where you maintain different
internal-vs-external versions of your DNS data in parallel. In the
external version, us.foo.com wouldn't even need to be delegated as a
subzone, with the only records owned by the name being MX records (i.e.
it could be a subdomain rather than a subzone).
More information about the bind-users