Complex DNS Resolver Question

Nathan Benson tuxtattoo at gmail.com
Mon May 16 18:35:44 UTC 2005


hi Barry,

i am actually trying to configure something very similar, i believe.

i have remote offices that are connected to the home office via VPN
tunnels.  the remote offices have slave name servers on each office
network.  i am trying to configure the remote office name servers to
use the public facing (SOA) name server as a forwarder for the zone,
and then fall back on its local internal slave file if the public
facing server doesn't have an entry for that query.

the flow i'm trying to accomplish is like this (and this is what i am
currently *trying* to get working):

looking up a host that has a DMZ address:
  1. user in a remote office looks up "mail.domain.com"
  2. the remote office name server forwards the request to the
     external name server for the zone.
  3. an entry is found, so the slave server sends the answer to the user.

looking up an internal host that has no DMZ address:
  1. user in a remote office looks up "private.domain.com"
  2. the remote office name server forwards the request to the
     external name server for the zone.
  3. no entry is found
  4. slave server then looks at its local slave copy of the zone "domain.com"
  5. an entry is found, the slave returns the local (VPN) answer to the user.


i am trying to keep from maintaining more than two zones files
(internal and external) for this domain.  the whole reason for this
mess was an effort to build a more reliable DNS setup that isn't a
pain to maintain (like it is now).

i know there has got to be a way to accomplish this without resorting
to routing foo/other trickery, but it's really just escaping me.  is
it possible to configure bind to try multiple name servers until it
gets an answer?

i appreciate your assistance and your time,
nathan

On 5/13/05, Barry Finkel <b19141 at achilles.ctd.anl.gov> wrote:
> "www.ttdown.com" <radiusmax at hotmail.com> wrote:
>
> >We are currently connected to another company via a LAN-to-LAN vpn
> >with limited access to some of their resources.  We are trying to
> >setup DNS for our local clients to access these resources through our
> >DNS servers.  However, this company also has their domain name
> >available to the internet.  For example, example.com is their domain.
> >We want to access test.example.com through the VPN, but we want to
> >access home.example.com via the internet.
> >
> >Basically, I would like to selectively resolve some records for a
> >domain one way and for the other records within that domain, have
> >internet DNS records resolve it.  Is it possible to do this with Bind
> >9 or Windows 2003 DNS?
>
> There are two separate issues here.  The first concerns which DNS server
> to query, and the second concerns what TCP/IP routing to use to get to
> the server in question.  If test.example.com is on a different subnet
> than home.example.com, then you can configure your routers accordingly.
>
> With respect to DNS, can your DNS server(s) be slaves for the
>
>      example.com
>
> zone(s)?  I can not give a more detailed answer without knowing more
> specifics about your configuration and the subnets involved.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
> Building 222, Room D209              Internet: BSFinkel at anl.gov
> Argonne, IL   60439-4828             IBMMAIL:  I1004994
>
>
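An added configuration example, not from Nathan's or Barry's messages, written in named.conf terms to show why the forward-then-fall-back flow described above cannot work as a forward zone, and what the slave-based split-horizon setup Barry's question points toward looks like. The addresses (10.0.0.0/8 for the office and VPN networks, 10.0.0.2 as the internal master, 203.0.113.10 as the public-facing master), the file paths and the acl name are assumptions chosen for illustration.

```conf
// Added example; addresses, paths and acl name are assumptions, not values
// from the thread.
acl internal { 10.0.0.0/8; 127.0.0.1; };

options {
    directory "/var/named";
    // Only office and VPN clients may ask this server to recurse, and only
    // they may query it at all: it is an internal resolver, not a public one.
    allow-recursion { internal; };
    allow-query { internal; };
};

// The flow asked for, as a forward zone. Caveat: "forward first" only falls
// back to ordinary resolution when the forwarder does not answer (timeout or
// SERVFAIL). An NXDOMAIN from the public server is a complete answer, so a
// name such as private.domain.com is never retried against a local copy;
// BIND has no notion of trying a second data source for the same name.
//
// zone "domain.com" {
//     type forward;
//     forward first;
//     forwarders { 203.0.113.10; };
// };

// The approach that works: the remote-office server is a slave of the
// internal copy of the zone. That copy has to carry every name internal
// clients need, DMZ hosts included, with whichever address (VPN or DMZ)
// they should use; the public zone remains a separate file served only by
// the public-facing server. The split itself is the security property:
// private hostnames and RFC 1918 addresses are never published to the
// Internet, and allow-transfer { none; } keeps the slave from handing the
// internal zone to anyone who can reach port 53.
zone "domain.com" {
    type slave;
    masters { 10.0.0.2; };
    file "slaves/domain.com.internal";
    allow-transfer { none; };
};

// Root hints so names outside domain.com still resolve through normal
// recursion for the allowed clients.
zone "." {
    type hint;
    file "named.root";
};
```

Check the behaviour with `dig @<remote-office-server> private.domain.com` from a VPN client and from an outside address: the first should return the internal record, the second should be refused, and `dig @<remote-office-server> domain.com AXFR` should be refused from everywhere.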
