Forwarding from Internal DNS server.

Jim Reid jim at rfc1035.com
Tue Feb 1 19:37:11 UTC 2000


>>>>> ">" == union  <union at icon.co.za> writes:

    >> Hi, What I would like to try and get right is get my internal
    >> root server to forward all unresolved queries to my ISP's DNS
    >> system.

By definition a root server cannot have any unresolved queries because
it knows definitively what's in the root zone. Any names that are not
in that root domain simply don't exist. So your internal root will be
in its own self-contained name space, well away from the internet name
space. [Perhaps per-zone forwarding for every Internet TLD might work
with BIND8.2, but setting that up and maintaining it would be a
nightmare. I wouldn't like to try it.]

So if you want to resolve external names, you need to use other name
servers which use the internet's name space. Getting your firewalls to
run those servers is probably the best approach. This still doesn't
solve your problem. You'll need proxy servers to handle things like
access to Internet web servers. These will have to use the firewall
name servers to resolve external names. The firewall name servers will
also need to resolve your internal names - the internal top-level
domains - so that these proxies can also resolve names and addresses
on the intranet.

As for mail, you will probably have to configure your internal mail
systems to recognise non-local domain names in addresses and forward
those messages to a smart system which can deliver them to the outside
via the firewalls. Likewise, your firewalls allow inbound mail to
those smart mail systems (or forward it to them) for onward delivery
to the internal mail servers.
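
The split layout described above, written out as BIND named.conf fragments. This is an added example, not part of the original post or of BIND's own documentation. The internal TLD "corp.", the file names, the 10.0.0.0/8 intranet range, the server address 10.0.0.53 and the ISP resolver 192.0.2.53 are all assumptions; the two stanzas belong in the named.conf of two different servers.

```conf
// Added example, not from the original post. Names, addresses and file
// names are assumptions; "corp." is a hypothetical internal TLD.

// ---- named.conf on the INTERNAL ROOT server ----
// This server is authoritative for ".", so any name outside the zones it
// loads is answered NXDOMAIN. A global forwarders{} clause here changes
// nothing: an authoritative root never has an "unresolved" query to send on.
options {
    directory "/var/named";
    recursion no;           // authoritative only; it does not chase other name spaces
};

zone "." {
    type master;
    file "internal-root.zone";   // delegates corp. to the internal servers
};

zone "corp" {
    type master;
    file "corp.zone";
};

// Optional: the per-zone forwarding mentioned above, one Internet TLD at a
// time. Only "com" is shown; repeating this for every TLD (and turning
// recursion back on so the forward can be followed) is the maintenance
// burden the post warns about.
// zone "com" {
//     type forward;
//     forward only;
//     forwarders { 192.0.2.53; };   // ISP resolver (assumed address)
// };

// ---- named.conf on the FIREWALL resolver ----
// Internal clients, proxies and the smart mail hosts point here. It is a
// slave for the internal TLD, so intranet names resolve, and it recurses
// from the real Internet root hints for everything else.
options {
    directory "/var/named";
    recursion yes;
    allow-query { 10.0.0.0/8; 127.0.0.1; };   // intranet and localhost only (assumed range)
};

zone "." {
    type hint;
    file "root.hints";       // the Internet root servers, not the internal root
};

zone "corp" {
    type slave;
    file "bak.corp.zone";
    masters { 10.0.0.53; };  // the internal corp. master (assumed address)
};
```

Keeping the two roles on separate servers is what makes the arrangement safe to operate: the internal root can stay non-recursive and invisible from outside, while the firewall resolver is the only host that ever talks to Internet name servers, and allow-query stops it from being used as an open resolver.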
