DNS records visible only for LAN computers

Mark Andrews marka at isc.org
Mon Nov 16 00:09:40 UTC 2009


In message <SNT114-W6194BD51E06259D620D29387A60 at phx.gbl>, Peter Macko writes:
> Setup: I have a domain example.com that is hosted on DNS under control of my
> internet provider. Web server www.example.com is hosted by another company.
> I have set up a local DNS for computers on my LAN. I have an LDAP server on
> LAN.
> Question: I want to make LDAP visible only for computers on LAN without altering
> DNS (of the internet provider). The name of LDAP server should be
> ldap.example.com. Is it possible to do it?
> I can think of two solutions:
> 1) I could create master zone for example.com on DNS (on LAN). This way I have
> to create A record for www.example.com, but if internet provider changed IP
> address of the web-server, computers on LAN would not reach www.example.com
> and I would have to update A record on local DNS.
> 2) Another solution is to create zonefile for subdomain local.example.com on
> LAN DNS, so ldap.local.example.com. But this is not exactly what I want.
> What is the correct solution?

Why don't you just create the zone ldap.example.com locally and
transfer it between your local servers?

zone ldap.example.com {
	...
	allow-query  { localnets; };
};

$TTL 3600
@ SOA internal.example.com. peter_macko.msn.com. 1 1200 600 360000 180
@ NS internal.example.com.
@ A <IPv4 address of ldap server>
@ AAAA <IPv6 address of ldap server>

> Thank you
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
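As an added illustration (not part of Mark's reply or of BIND itself), the check below audits a named.conf zone stanza of the kind suggested above for the setting that actually makes ldap.example.com LAN-only: an allow-query ACL that names only localnets or private space, and an explicit allow-transfer. The sample stanzas are constructed; the "type master;" and "file" lines stand in for the part Mark elided and are assumptions.

```python
import re
import ipaddress

# Constructed sample modelled on the stanza in the thread; the type/file lines
# are assumptions filling in the elided "..." and are not from the original post.
GOOD_STANZA = """
zone ldap.example.com {
	type master;
	file "ldap.example.com.zone";
	allow-query  { localnets; };
	allow-transfer { 192.0.2.53; };
};
"""

# Constructed counter-example: no allow-query at all. BIND's default allow-query
# is "any", so the internal LDAP address would be served to the whole internet.
BAD_STANZA = """
zone ldap.example.com {
	type master;
	file "ldap.example.com.zone";
};
"""

def acl_elements(stanza, option):
    """Return the elements of `option { ...; };` in a zone stanza, or None if absent."""
    m = re.search(re.escape(option) + r"\s*\{([^}]*)\}", stanza)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_internal_zone(stanza):
    """Findings for a zone that is meant to be visible only to LAN clients."""
    findings = []
    q = acl_elements(stanza, "allow-query")
    if q is None:
        findings.append("allow-query missing: BIND default is any")
    elif "any" in q:
        findings.append("allow-query permits any")
    else:
        for e in q:
            if e in ("localnets", "localhost") or e.startswith("!"):
                continue
            try:  # literal prefix: flag it if it is public address space
                if ipaddress.ip_network(e, strict=False).network_address.is_global:
                    findings.append(f"allow-query includes public network {e}")
            except ValueError:
                pass  # a named ACL; its contents are defined elsewhere in named.conf
    t = acl_elements(stanza, "allow-transfer")
    if t is None:
        findings.append("allow-transfer missing: restrict AXFR to the local secondaries")
    elif "any" in t:
        findings.append("allow-transfer permits any")
    return findings
```

Run it over each zone stanza that holds internal-only names; an empty list means the stanza restricts both queries and transfers.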