Multiple Network Subnets within same Domain Name Zone
Kevin Darcy
kcd at daimlerchrysler.com
Wed Jun 23 18:09:56 UTC 2004
Saunders, Shawn wrote:
>Are there any potential problems to the following scenario?
>
>I am authoritative for a domain, say xyz.com that has some host addresses
>outside my firewall on public IPs. But I must also have the hosts inside
>my firewall using Private Addresses 192.168.xxx.xxx within the domain
>xyz.com, because of some legacy software that would require a major rewrite
>to access these hosts, if we changed their naming structure.
>
>I just find it odd to have multiple networks being resolved to the same
>domain, and if I do this, there is no real way to do the reverse zones for
>the domain, because it would entail having multiple reverse zones for the
>same domain, and is that allowed?
>
Yeah, sure it's allowed. On our internal network, we have a public class
A, several public class B's, and various private ranges, all
intermingled within the same forward domain. (Actually, it's a
many-to-many relationship, since we have several forward domains too).
You should *not* put private addresses in the Internet DNS, though, and
if (as you indicated) you use private address ranges, you *must* define
the relevant reverse zones in your DNS so as to prevent pollution of the
Internet DNS infrastructure with your private-address reverse lookups.
As Peter suggested, you may want to look at the "view" feature to
resolve the same name to different addresses depending on what client
(internal vs external) is doing the asking. Be aware that this will
incur parallel maintenance, however...
- Kevin
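
A named.conf sketch of the setup discussed in this thread, added here as an illustration (it is not from either poster): two views serve xyz.com with different data, and the internal view is authoritative for the 192.168 reverse zone so those lookups never leave the site. The ACL name, view names and file paths are assumptions, and the internal range is taken as all of 192.168.0.0/16.

```conf
// Hypothetical ACL name; covers the private range used inside the firewall.
acl "inside" {
    192.168.0.0/16;
    localhost;
};

// Views are tried in order and the first match wins, so the internal
// view must come before the catch-all external view.
view "internal" {
    match-clients { "inside"; };
    recursion yes;

    // Internal copy of the forward zone: contains the 192.168 hosts
    // (and any public hosts that internal clients also need).
    zone "xyz.com" {
        type master;
        file "internal/db.xyz.com";    // hypothetical path
    };

    // Reverse zone for the private range. Answering it locally keeps
    // PTR queries for 192.168 addresses off the Internet DNS servers.
    zone "168.192.in-addr.arpa" {
        type master;
        file "internal/db.192.168";    // hypothetical path
    };
};

view "external" {
    match-clients { any; };
    recursion no;

    // External copy of the forward zone: public addresses only,
    // no 192.168 records. This file is maintained in parallel with
    // the internal copy.
    zone "xyz.com" {
        type master;
        file "external/db.xyz.com";    // hypothetical path
    };
};
```

Once any view is defined, every zone statement has to live inside a view, and running named-checkconf after each edit catches a zone left at the top level.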