restricted DNS

Kevin Darcy kcd at daimlerchrysler.com
Tue May 30 20:08:08 UTC 2000


Marc Redmile wrote:

> Hi Kevin,
>
> Thanks for your detailed reply.  A few points flew over my head though  :-)
>
> like: A)  What is the "min-roots" global option ?

Hmmm... How to rephrase? It's a global option called "min-roots". The default
is set to 2. If you have only 1 root server, named is likely to complain a lot
(and may not work properly) unless you change "min-roots". See the
documentation for "options".

> and B)  . Or,
> > to be just a little less confusing, you could split out "in-addr.arpa" or
> > some subdomain thereof for a neater forward/reverse segregation. ???

All I meant was that you could have all of your forward domains and
subdomains, e.g. ".", "com", "example.com" in one zone (the root zone), and
all of your reverse zones, e.g. "in-addr.arpa", "168.192.in-addr.arpa", or
whatever, in another zone. That might make things a little less confusing. The
neat thing about having your own private namespace and your own internal root
is that you can structure your zones any way you want. Or not at all. This
liberality, however, can also be a source of confusion and chaos, so choose
wisely. Jim Reid has related to me some horror stories about what happens when
different groups within the same organization go crazy with their own private
internal-root namespaces....


- Kevin

>
>
> I feel dumb.
>
> hope you are still on this one.
>
> regards,
> Marc.
>
> "Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
> news:392ECA08.3A4FF3CF at daimlerchrysler.com...
> > Marc Redmile wrote:
> >
> > > Dear pros,
> > >
> > > Is it possible to run a simple DNS setup on a machine which does not have
> > > internet access?
> >
> > Sure, but do you still want to resolve Internet names? If you do, then
> > you'll have to find a server with Internet access to use as a forwarder.
> >
> > If you don't need to resolve Internet names, then you can run without
> > forwarding, but you'll need an internal root zone. If you have only one
> > server available to serve the root zone, you may want to tweak the
> > "min-roots" global option.
> >
> > If you have a *really* simple DNS setup with no requirement to resolve
> > external names, you don't even actually need separate zones: you could throw
> > everything, forward and reverse, into a single root zone. I have in the past
> > set up such "self-contained" DNS'es for test boxes on isolated networks. Or,
> > to be just a little less confusing, you could split out "in-addr.arpa" or
> > some subdomain thereof for a neater forward/reverse segregation.
> >
> >
> > - Kevin
> >
> >
> >
> >
> >
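
The single-root-zone layout discussed in this thread, as an added example that is not part of the original messages: one zone file for "." carrying both forward and reverse records for an isolated network. The file name db.root, the host names ns1 and testbox, the addresses, and the named.conf lines quoted in the comments are assumptions made for illustration.

```dns
; db.root: one zone, ".", holding forward and reverse data for an isolated
; network. Constructed sample; host names and addresses are assumptions.
;
; Assumed named.conf on the only server (no hint zone, no forwarders):
;   options { min-roots 1; };                   // only one root server exists
;   zone "." { type master; file "db.root"; };  // this server is the root
$TTL 86400
.   IN SOA ns1.example.com. hostmaster.example.com. (
            2000053001 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            86400 )    ; minimum
.   IN NS  ns1.example.com.

; Forward names. "com" and "example.com" are not delegated; they are simply
; owner names inside the root zone.
ns1.example.com.      IN A  192.168.1.1
testbox.example.com.  IN A  192.168.1.10

; Reverse names sit in the same zone for the same reason.
1.1.168.192.in-addr.arpa.   IN PTR  ns1.example.com.
10.1.168.192.in-addr.arpa.  IN PTR  testbox.example.com.
```

Because this server is authoritative for ".", any name missing from the file is answered with NXDOMAIN instead of a referral. Splitting out "in-addr.arpa" means declaring it as a second zone, delegating it with an NS record in the root zone, and moving the PTR records into its own file.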





