Question about forwarder

Barry Margolin barmar at alum.mit.edu
Mon Feb 27 06:29:11 UTC 2006


In article <dtu2mp$1bc3$1 at sf1.isc.org>,
 ?E?E>>O <kyounghee2.kim at hynix.com> wrote:

> 5.      otherwise, when primary dns(=internal dns) receives query about DMZ
> hosts information, internal dns is supposed to forward external dns(because
> external dns is  set up as forwarder) 
> 
> external dns have to search its own external zone and response to internal
> dns.
> 
>  
> 
> but, external dns(=forwarder) didn't search own DMZ zone and response is
> failed.

You haven't shown us the configuration, so it's hard to tell for sure.  
But my guess is that the DMZ hosts are in the same domain as the 
internal hosts.  A server will never forward for names in a domain it is 
authoritative for.  You need to have the internal and DMZ hosts in 
different zones.

You could put the internal hosts in a subdomain, like 
internal.yourcompany.com.  Or you could delegate subdomains for all the 
DMZ hosts, e.g.

exthost1 IN NS externalns.yourdomain.com.
exthost2 IN NS externalns.yourdomain.com.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
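
The rule described in the reply above, as an added example that is not part of the original post and is not BIND's code: a simplified model of how a server chooses between answering authoritatively, following a delegation, and forwarding. The host `pc1`, the forwarder address `192.0.2.53`, and all zone contents are constructed for illustration.

```python
# Simplified model (not BIND's implementation) of one server's decision
# for a query name: answer from its own zone, follow a delegation, or forward.

def in_zone(name, zone):
    """True if name is the zone apex or lies below it."""
    return name == zone or name.endswith("." + zone)

def decide(qname, zones, forwarder):
    """zones maps zone name -> {"hosts": set of names, "cuts": {owner: ns}}."""
    qname = qname.rstrip(".").lower()
    matches = [z for z in zones if in_zone(qname, z)]
    if not matches:
        # Not authoritative for any enclosing zone: the forwarder is used.
        return ("forward", forwarder)
    zone = max(matches, key=len)          # most specific zone wins
    data = zones[zone]
    # An NS record below the apex is a zone cut: names at or under it are
    # no longer part of this zone and are resolved via the listed server.
    for owner, ns in data["cuts"].items():
        if in_zone(qname, owner):
            return ("delegated", ns)
    if qname in data["hosts"]:
        return ("answer", zone)
    # Authoritative and the name is absent: negative answer, never forwarded.
    return ("nxdomain", zone)

FWD = "192.0.2.53"  # constructed address standing in for the external DNS

# Layout from the question: internal and DMZ hosts share one domain.
SHARED = {"yourcompany.com": {"hosts": {"pc1.yourcompany.com"}, "cuts": {}}}

# Fix 2 from the reply: delegate each DMZ host name to the external server.
DELEGATED = {"yourcompany.com": {
    "hosts": {"pc1.yourcompany.com"},
    "cuts": {"exthost1.yourcompany.com": "externalns.yourdomain.com",
             "exthost2.yourcompany.com": "externalns.yourdomain.com"}}}

# Fix 1 from the reply: internal hosts live in their own subdomain.
SUBDOMAIN = {"internal.yourcompany.com": {
    "hosts": {"pc1.internal.yourcompany.com"}, "cuts": {}}}

if __name__ == "__main__":
    for label, zones in (("shared", SHARED), ("delegated", DELEGATED),
                         ("subdomain", SUBDOMAIN)):
        print(label, decide("exthost1.yourcompany.com", zones, FWD))
```
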



More information about the bind-users mailing list