cache-only with both external and internal dns...
Kevin Darcy
kcd at daimlerchrysler.com
Sat Dec 3 03:35:00 UTC 2005
Barry Margolin wrote:
>In article <dmo4jj$2guk$1 at sf1.isc.org>,
> "Ricardo M. Stella" <stella at rider.edu> wrote:
>
>>A quick question...
>>
>>We have separate internal and external DNS servers.
>>
>>We need to set up a cache only DNS server, but when trying to do this
>>(used RH RPM for it) we are hitting the external DNS servers when
>>querying internal records.
>>
>>I know I could simply set them up instead as a secondary, but would there
>>be a way otherwise?
>>
>>Seems like when I hit any host in mydomain.xxx, it goes out to the root
>>servers, then comes back.
>
>Configure a forwarding zone:
>
>zone "mydomain.xxx" {
> type forward;
> forwarders { <addr of internal server>; };
>};
>
Hmmm... I see that Barry and I came up with different responses to this
post. I guess it all depends on whether the clients in this scenario
need to resolve Internet DNS names. If they do (e.g. if the firewall
layer is basically a NAT type), then Barry's solution is correct
(although "stub" with a "forwarders { }" to selectively disable
forwarding might be a better way to go, especially if the internal
server(s) don't support recursion and/or if mydomain.xxx has subzones
delegated to diverse nameservers). If, on the other hand, the clients
don't need to resolve Internet DNS names (e.g. the firewall layer is
more of an application-level proxy type), then my internal-root-oriented
answer is probably more appropriate.
- Kevin
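
The two alternatives discussed above, written out as a named.conf sketch for the caching-only server. This is an added example, not configuration posted by anyone in the thread; 192.0.2.53 is a constructed placeholder for the internal server's address, and the "forward only" line is an addition that is not in Barry's snippet.

```conf
// named.conf on the caching-only server (added example, not from the thread).
// 192.0.2.53 is a constructed placeholder for the internal authoritative server.

options {
    directory "/var/named";
    recursion yes;   // caching-only: answers clients recursively, hosts no data of its own
    // Any global "forwarders { ... };" placed here applies to every zone
    // below unless that zone overrides it.
};

// Alternative 1: stub zone with forwarding switched off for this zone.
// The cache copies the NS records from the listed server and then sends
// ordinary non-recursive queries itself, so the internal server does not
// have to offer recursion, and delegations of subzones to other
// nameservers are followed normally.
zone "mydomain.xxx" {
    type stub;
    masters { 192.0.2.53; };
    forwarders { };   // empty list: ignore any global forwarders for this zone
};

// Alternative 2: forward zone (shown commented out, because only one
// definition of the zone may be active). The cache sends recursive
// queries to the listed server, so that server must permit recursion
// from this host.
//
// zone "mydomain.xxx" {
//     type forward;
//     forward only;  // added here: without it, a failed forward falls back
//                    // to normal resolution from the root servers, which is
//                    // the behaviour the original question describes
//     forwarders { 192.0.2.53; };
// };
```

Running named-checkconf against the file before reloading catches syntax errors; afterwards, a dig for an internal name sent to the cache should return the internal data rather than whatever the external servers publish.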