Alan Clegg alan at
Thu Nov 1 11:26:31 UTC 2012

On Nov 1, 2012, at 7:14 AM, Kobus Bensch <kbensch at> wrote:

> Is that because split horizon doubles admin or because its bad all together?
> I have been using split horizon for many years now and found it very useful. Any thoughts from any on the list would be most welcomed.

Crafted for a private reply, but being re-used here:

There are places that views/split-horizon fit the model that has been put into place.  It does, however, break the "one-question, one-answer" concept that was foundational for DNS.

My recommendation is that for "internal" addressing, a separate zone be created that serves that address space.  You gain a number of things from this, including easier debugging and better data security (no-longer are you concerned about exactly what clients are seeing at "" since you know that the only people able to resolve/route "" are the ones that should be able to).

The problem lies in that over the years, people (usually the higher-ups) have been trained (by us, the in-the-trench guys) that "" can be one thing internally and something else externally, or that their printer really _should_ be named and not

All the best,
Alan Clegg | +1-919-355-8851 | alan at

More information about the bind-users mailing list