Bind 9.1 As SOA with Windows 2003 DNS Server

Sten Carlsen stenc at
Tue Oct 10 22:02:24 UTC 2006

I use the same domain name both inside and outside. I use 2 views, one
for outside and one for inside; that equals roughly two independent
servers. My internal view has recursion enabled; the external has it
disabled. All internal IPs are in the 192.168.x.x range and all external
IPs are routable.

I have never seen a glitch with this setup, nothing is leaked between
internal and external.

I can't believe that your basic problem is that you use the same domain
for internal and external use; I do that to support that mail etc. has
only one name to look up. That name is the same internally and
externally, but it gets a different IP depending on my physical location
when I do the lookup.

Skywalker wrote:
> I think I found the answer.  Our basic problem is that we are using the
> same domain name ( for internal and external use.  I read
> an article about split-brain DNS from Microsoft.  We would have an
> external DNS server that is authoritative for the zone and an internal
> DNS server that is authoritative for the same zone name.  This
> method would not expose our internal computers to the outside.  The
> internal DNS server could perform forward lookups to the external DNS
> server.  The internal computer could therefore perform dynamic DNS
> updates to the internal DNS server.  Does this make sense?

Best regards

Sten Carlsen

No improvements come from shouting:
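
A minimal named.conf sketch of the two-view layout described in the message above, added here as an illustration and not taken from the original post. The zone name `example.com`, the ACL name `internal-nets`, the directory and the zone file paths are all placeholders.

```conf
// Added illustration: split-horizon DNS with two views on one BIND 9 server.
// example.com, internal-nets and every path below are placeholders.

acl internal-nets {
    192.168.0.0/16;     // the internal range mentioned in the post
    localhost;          // the server itself
};

options {
    directory "/var/named";     // assumed location of zone files
};

// Views are tested in order and the first match wins, so the
// restrictive internal view must come before the catch-all one.
view "internal" {
    match-clients { internal-nets; };
    recursion yes;              // internal clients may resolve anything

    zone "example.com" {
        type master;
        // Holds the 192.168.x.x addresses; never served to outsiders.
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };     // everyone not matched above
    recursion no;               // authoritative answers only

    zone "example.com" {
        type master;
        // Holds only records with routable addresses.
        file "external/example.com.zone";
    };
};
```

Once any view is defined, every zone statement has to sit inside a view. Each view loads its own zone file, so the internal data never appears in answers given to external clients.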

