Split PTR zone (internal and external)

CT groups at obsd.us
Fri Jul 29 02:21:01 UTC 2011


On 7/28/2011 4:58 PM, Kevin Darcy wrote:
> On 7/28/2011 12:26 PM, CT wrote:
>> I am wondering what might be a good "workaround" for this
>> legacy setup...
>>
>> Will do my best to explain..
>>
>> IP Space
>> - 1 Class B Global Unique (used Externally and Internally)
>> - 1 Class B RFC1918
>>
>> DNS Setup
>>
>> External DNS     (Linux - Bind 9.8.x)
>> - example-ext.com     DNS domain
>> - authoritative for PTR Global Unique
>>
>> Mid Tier DNS      (Linux - Bind 9.8.x)
>> - Mixture of Class B Global and RFC 1918
>> - not accessible "from the Internet"
>> - forwards all RFC 1918 PTR to the Internal DNS
>> - can resolve any Internal / External A records
>>
>> Internal DNS        (MS DNS - w/DDNS)
>> - only internal DNS zones (i.e. inside.example.com)
>> - MS DNS use Mid Tier DNS for "external" name resolution (i.e. isc.org)
>> - Has the *same* Global Unique Class B PTR as the External DNS
>> **********************
>>
>> Scenario
>>
>> - internal hosts using the Internal DNS can not resolve  External PTR
>> for example-ext.com. since a valid PTR zone already exists..
>>
>> The only solution that I have come up with is to manually
>> put the "external" PTR records in the AD PTR Zone file.
>>
>> Not sure if there is a resolution to do in MS DNS but will ask the same
>> question in that group.  Wanted to start here..
> Delegate out the relevant /24 ranges as subzones of your main /16 
> in-addr.arpa zone. Define only the internal reverse subzones in your 
> "Internal DNS" and then use slave/stub/forward to resolve all of the 
> external ones.
>
> - Kevin
Much Thanks..
I will see if the /16 can be delegated out..

CT
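
The split suggested in the quoted reply, worked through as an added example that is not part of the original thread: each /24 under the /16 becomes its own reverse zone, and only the internal ones are defined on the Internal DNS. The 198.18.0.0/16 block and the list of internal /24s are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

PARENT = ipaddress.ip_network("198.18.0.0/16")       # constructed stand-in for the Class B
INTERNAL_24S = {"198.18.10.0/24", "198.18.11.0/24"}  # constructed: /24s used internally

LOCAL = "define on Internal DNS"
REMOTE = "slave/stub/forward"

def reverse_zone(net):
    """Return the in-addr.arpa zone name for an octet-aligned IPv4 network."""
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{net} is not an octet-aligned IPv4 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def plan(parent, internal_24s):
    """Map every /24 reverse zone under parent to how the Internal DNS treats it."""
    internal = {ipaddress.ip_network(n) for n in internal_24s}
    bad = [str(n) for n in internal
           if n.version != 4 or n.prefixlen != 24 or not n.subnet_of(parent)]
    if bad:
        raise ValueError(f"not a /24 inside {parent}: {bad}")
    return {reverse_zone(s): (LOCAL if s in internal else REMOTE)
            for s in parent.subnets(new_prefix=24)}

def handler_for(ip, parent, zones):
    """Return (zone, handling) for the PTR lookup of a single address."""
    addr = ipaddress.ip_address(ip)
    if addr not in parent:
        raise ValueError(f"{ip} is outside {parent}")
    zone = reverse_zone(ipaddress.ip_network(f"{ip}/24", strict=False))
    return zone, zones[zone]

if __name__ == "__main__":
    zones = plan(PARENT, INTERNAL_24S)
    # One address in an internal /24, one in a /24 that only the external side knows.
    for ip in ("198.18.10.25", "198.18.200.7"):
        zone, handling = handler_for(ip, PARENT, zones)
        print(f"{ip:<15} {zone:<26} {handling}")
```
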



More information about the bind-users mailing list