Forwarding from Internal DNS server.

Kevin Darcy kcd at daimlerchrysler.com
Tue Feb 1 20:40:06 UTC 2000


Jim Reid wrote:

> >>>>> ">" == union  <union at icon.co.za> writes:
>
>     >> Hi, What I would like to try and get right is get my internal
>     >> root server to forward all unresolved queries to my ISP's DNS
>     >> system.
>
> By definition a root server cannot have any unresolved queries because
> it knows definitively what's in the root zone. Any names that are not
> in that root domain simply don't exist. So your internal root will be
> in its own self-contained name space, well away from the internet name
> space. [Perhaps per-zone forwarding for every Internet TLD might work
> with BIND 8.2, but setting that up and maintaining it would be a
> nightmare. I wouldn't like to try it.]
>
> So if you want to resolve external names, you need to use other name
> servers which use the internet's name space. Getting your firewalls to
> run those servers is probably the best approach. This still doesn't
> solve your problem. You'll need proxy servers to handle things like
> access to Internet web servers. These will have to use the firewall
> name servers to resolve external names. The firewall name servers will
> also need to resolve your internal names - the internal top-level
> domains - so that these proxies can also resolve names and addresses
> on the intranet.
>
> As for mail, you will probably have to configure your internal mail
> systems to recognise non-local domain names in addresses and forward
> those messages to a smart system which can deliver them to the outside
> via the firewalls.

I thought the point of the exercise was to try and send mail out a
"nearby" Internet connection whenever possible; sending everything to a
"smart" system would seem to mostly defeat that purpose, since by the
time the "smart" system has figured out how best to send out the message,
it's already travelled across the WAN, and might have to travel even
further across it to get to the closest firewall.

If the network topology lends itself to this approach, maybe a big
round-robin with "sortlist" games might be a better way to go (????).

Or just bite the bullet and maintain multiple, location-specific mail
configurations...


- Kevin
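As an added illustration (not part of the original thread) of the two layouts Jim describes, an internal root with per-TLD forward zones on the one hand and firewall name servers that carry both namespaces on the other, together with Kevin's "sortlist" idea for the MX target, here is a named.conf sketch for each server. Everything concrete in it is assumed for the example: the internal TLD "corp", the 10.x site networks, the 203.0.113.x ISP resolvers and the 10.1.0.53 master address. The syntax is BIND 9 style; forward zones are the BIND 8.2 feature Jim refers to.

```conf
// ===== /etc/named.conf on the internal root server =====
// (the layout the original question assumes)
options {
    directory "/var/named";
    recursion yes;           // needed so the forward zones below are chased
};

// Being master for "." means any name not under an internal TLD gets an
// authoritative NXDOMAIN from this server; a global "forwarders" line in
// options would not change that, which is Jim's point.
zone "." {
    type master;
    file "internal.root";    // NS/A glue for the internal TLDs only
};

zone "corp" {
    type master;
    file "corp.zone";
};

// Per-TLD forward zones (BIND 8.2 and later): the only way to make an
// internal root hand external names on. One stanza per Internet TLD, kept
// in step with the TLD list by hand; this is the maintenance burden Jim
// warns about.
zone "com" {
    type forward;
    forward only;
    forwarders { 203.0.113.53; 203.0.113.54; };   // ISP resolvers (assumed)
};
zone "net" {
    type forward;
    forward only;
    forwarders { 203.0.113.53; 203.0.113.54; };
};
// ... and so on for every other TLD ...


// ===== /etc/named.conf on each firewall name server =====
// (Jim's preferred layout: real root hints for the Internet namespace,
// secondary for the internal TLDs so proxies and mail relays can resolve
// both, and answering only for inside hosts)
options {
    directory "/var/named";
    recursion yes;
    allow-query { 10.0.0.0/8; 127.0.0.1; };      // inside networks (assumed)

    // Kevin's idea: give the MX target "relay.corp" one A record per site
    // (one per firewall relay). A client asking from 10.1.0.0/16 then gets
    // the 10.1.x relay first in the answer, a 10.2.x client its own relay,
    // and the remaining addresses follow in round-robin order.
    sortlist {
        { 10.1.0.0/16; { 10.1.0.0/16; }; };
        { 10.2.0.0/16; { 10.2.0.0/16; }; };
    };
};

zone "." {
    type hint;
    file "root.hints";       // the real Internet root servers
};

zone "corp" {
    type slave;
    masters { 10.1.0.53; };  // the internal master (assumed address)
    file "sec/corp.zone";
};
```

Two caveats a practitioner would want: sortlist only reorders the addresses inside one answer, so it helps only with mail software that tries the MX target's addresses in the order returned, and it does nothing for a site whose relay is down beyond letting the next address be tried. And the per-TLD forward list on the internal root has to be revisited whenever a TLD is added or delegated elsewhere, which is why the firewall-resolver layout is the one that ages well.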
More information about the bind-users mailing list