Forward First on Master Zone (bypass SOA)

Doug Barton dougb at dougbarton.us
Tue Apr 2 06:00:59 UTC 2013


On 04/01/2013 11:46 AM, Kevin Darcy wrote:
> On 3/29/2013 12:09 AM, Doug Barton wrote:
>> On 03/28/2013 12:28 PM, Ben-Eliezer, Tal (ITS) wrote:
>>> My organization is evaluating the use of split-view DNS in our
>>> environment.
>>
>> Simple ... don't do it. It's almost never the right answer, and as
>> you're learning carries with it more administrative overhead than the
>> problems it's designed to solve.
>>
>> Much better to spend the time carefully considering what your goals
>> are, and finding other ways to reach them.
>
> And your alternative is what? Run the external version of the namespace
> on a completely separate infrastructure from the internal version?

No, my point was don't do 2 versions.

Somewhere in the last 10 years (roughly corresponding to the popularity 
of NAT) it became baked into a large segment of the DNS operator
community that having internal and external views of the same zones was 
not only necessary, it was the only right way to do things. In my 
experience the number of times that this is the right answer are very 
few and far between. Looking at the actual problems that need solving 
without the prejudice that multiple views are necessary (or even 
correct) often leads to better solutions.

Doug


