question about split DNS

Jonathan Horne freebsd at dfwlp.com
Sat Jul 29 04:31:06 UTC 2006


On Friday 28 July 2006 23:14, Jonathan Horne wrote:
> On Friday 28 July 2006 21:30, Barry Margolin wrote:
> > In article <eaeggi$1038$1 at sf1.isc.org>,
> >
> >  Jonathan Horne <freebsd at dfwlp.com> wrote:
> > > > i've been reading this page trying to understand exactly how the
> > > configuration works:
> > >
> > > http://www.isc.org/sw/bind/arm93/Bv9ARM.ch04.html#id2549203
> > >
> > > > but it's looking like in the end, i still have to run 2 separate DNS
> > > servers. is it possible to serve one zone file to internal hosts, while
> > > serving another zone file to external hosts... but both zones are
> > > [example.com] and both served from the same server?
> > >
> > > ideally, i would like to accomplish both internal and external views
> > > from the same server, if at all possible.
> >
> > You can do it in a single server by using the "views" feature of BIND 9.
> > It looks like that web page was never updated for BIND 9, so it still
> > shows the way to do it in BIND 8, which requires separate servers.
>
> thank you barry!  it seems i just needed to adjust my google search terms,
> and i found exactly what i was looking for.  in the end, this article
> showed examples that i used to create and test a working sample of my dev
> domain, that speaks one way to some clients, and another to other clients.
>
> http://www.oreillynet.com/pub/a/oreilly/networking/news/views_0501.html
>
> interestingly, it seems that the views method seems to respect top to bottom
> first-match order of their listing on the named.conf.  my original sample
> had my external (any) zone at top, and my internal hosts obviously match
> the (any) category.  a switch of my internal view to the top, and
> everything was right.
>
> my next questions in this project are:
> 1) can the acl localnets be redefined safely (i would like to consider my
> other sites that connect over vpn to be considered localnets), or should i
> just stick with defining a new acl, such as 'corpnets' and going with that?
>
> 2) what should i do with my localhost and roothint zones?  should they be
> in internal or external view?  right now, i have them in external, and
> while they might appear to be working correctly, i would like to know if it
> would be better to have them in the internal only.
>

and a 3rd question:
3) for all practical purposes, the internal and external versions of 
the zones *are* completely different zone files, even though they technically 
represent the same name space?  therefore, their serial numbers don't 
necessarily need to match?  and theoretically, is it ok to have different 
sets of hosts in the internal vs external, with the intention that the 
external one will just return "unknown host" for the ones that are omitted 
intentionally?

cheers,
jonathan
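
The single-server layout discussed in this thread, as an added example that is not part of the original messages: one named.conf serving two different zone files for example.com, with the internal view listed first because views are matched top to bottom. The ACL name corpnets comes from the message above; the address ranges, directory and zone file paths are constructed placeholders, and the recursion settings are an assumption about the desired policy.

```conf
// Added example, not from the original thread.
// Address ranges and file paths below are constructed placeholders.

// A separately named ACL covering the local LAN and VPN-connected sites.
acl "corpnets" {
    127.0.0.0/8;
    10.0.0.0/8;
    192.168.0.0/16;
};

options {
    directory "/etc/namedb";   // assumed path
};

// Views are tried in the order they appear; the first view whose
// match-clients list matches the query source address is used.
// The internal view must therefore come before the catch-all view.
view "internal" {
    match-clients { "corpnets"; };
    recursion yes;             // assumption: internal clients may recurse

    zone "example.com" {
        type master;
        file "internal/example.com.db";
    };
};

// Everything that did not match "corpnets" lands here.
view "external" {
    match-clients { any; };
    recursion no;              // assumption: authoritative-only for outsiders

    zone "example.com" {
        type master;
        file "external/example.com.db";
    };
};
```

Once any view is defined, every zone statement has to sit inside a view. Running named-checkconf on the file reports a zone left outside one before named is reloaded.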


