wallewek at kmsi.net: Re: Advice on proposed DNS change for split domains (2)

Paul A Vixie vixie at mibh.net
Sat Nov 4 20:02:57 UTC 2000 

did anybody look at his proposal when it was posted to namedroppers?

------- Forwarded Message

Return-Path: wallewek at kmsi.net
Received: from box.mfnx.net (box.mfnx.net [204.152.184.227]) 
	by redpaul.mibh.net (8.9.3/8.9.1) via ESMTP id RAA38527
	for <vixie at redpaul.mibh.net>; Fri, 3 Nov 2000 17:50:21 -0800 (PST)
	env-from (wallewek at kmsi.net)
From: wallewek at kmsi.net
Received: from mail8.cadvision.com (mail8.cadvision.com [207.228.64.93]) 
	by box.mfnx.net (8.9.3/8.9.1) via ESMTP id RAA48045
	for <vixie at mibh.net>; Fri, 3 Nov 2000 17:50:21 -0800 (PST)
	env-from (wallewek at kmsi.net)
Received: from sparky.kmsi.net (h24-68-200-17.sbm.shawcable.net [24.68.200.17])
	by mail8.cadvision.com (8.9.3/8.9.3/CWT/DCE) with SMTP id SAA08477
	for <vixie at mibh.net>; Fri, 3 Nov 2000 18:50:14 -0700
To: Paul A Vixie <vixie at mibh.net>
Subject: Re: Advice on proposed DNS change for split domains (2)
Date: Fri, 03 Nov 2000 18:50:20 -0700
Organization: K&M Systems Integration
Message-ID: <j8q60t46l0nb9rc015u6ua6vc9il72p461 at 4ax.com>
References: <4d040t0d680oims43ttatero0jb9kftpif at 4ax.com> <200011032008.MAA35829 at redpaul.mibh.net>
In-Reply-To: <200011032008.MAA35829 at redpaul.mibh.net>
X-Mailer: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by redpaul.mibh.net id RAA38527

On Fri, 03 Nov 2000 12:08:36 -0800, you wrote:

>take a look at bind9's "view" statement to see what i came up with after
>puzzling over this problem for 9 years.

Agreed, it's a toughie.  OK, I've looked over the BIND9 ARM again.  See if
I've understood it properly.

You appear to have two areas that deal with Split DNS; acl-based
internal/external definitions, and views.

The acl-based definitions appear to require the internal and external
hostnames be defined in different domains.  That's a problem, as you
already know.

The views-based solution doesn't have that limitation (it's quite clever,
actually), but it requires a single server to host both internal and
external hostnames.  That's a problem for administrative and security
reasons, and it blows away the classic ISP-external and private-internal
configuration.


Have a look at my forwarding-master idea, if you would, please.  It
resolves both of these issues, and places no new requirements on the
external server.


/kenw
Ken Wallewein
Calgary, Alberta
kenw at kmsi.net

------- End of Forwarded Message

More information about the bind-workers mailing list