question about split DNS
Barry Margolin
barmar at alum.mit.edu
Sat Jul 29 05:32:14 UTC 2006
In article <eaeova$2imv$1 at sf1.isc.org>,
Jonathan Horne <freebsd at dfwlp.com> wrote:
> On Friday 28 July 2006 23:14, Jonathan Horne wrote:
> > my next questions in this project are:
> > 1) can the acl localnets be redefined safely (i would like to consider my
> > other sites that connect over vpn to be considered localnets), or should i
> > just stick with defining a new acl, such as 'corpnets' and going with that?
I think it's best to define your own ACLs rather than redefining the
built-in ones, as it will cause less confusion if others need to look at
your configuration.
> >
> > 2) what should i do with my localhost and roothint zones? should they be
> > in internal or external view? right now, i have them in external, and
> > while they might appear to be working correctly, i would like to know if it
> > would be better to have them in the internal only.
These zones are only needed for clients that are using your server as a
resolver, which is presumably just your internal view. The external
view should have recursion disabled, and doesn't need anything other
than the data you want to be publicly visible.
> >
>
> and a 3rd question:
> 3) for all practical purposes, the internal version and external versions are
> the zones *are* completely different zone files, even tho they technically
> represent the same name space? therefore, their serial numbers don't
> necessarily need to match? and theoretically, is it ok to have different
> sets of hosts in the internal vs external, with the intention that the
> external one will just return "unknown host" for the ones that are omitted
> intentionally?
Exactly. It's just like having two different servers, as in the split
DNS configuration described in the page you initially looked at.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
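
The layout discussed in this thread, written out as a named.conf sketch. This is an added example, not part of the original post or anyone's actual configuration. The ACL name 'corpnets' comes from the question; the address ranges, the zone name example.com and all file paths are placeholders.

```conf
// Constructed example: address ranges, zone name and file paths are placeholders.
acl corpnets {
    127.0.0.0/8;        // loopback
    10.10.0.0/16;       // local site (placeholder range)
    10.20.0.0/16;       // remote site reached over VPN (placeholder range)
};

options {
    directory "/etc/namedb";
};

// Views are tried in order, so the internal view must come first;
// otherwise the catch-all external view would match internal clients too.
view "internal" {
    match-clients { corpnets; };
    recursion yes;      // internal clients use this server as their resolver

    // Root hints and localhost zones are only needed where recursion is offered.
    zone "." {
        type hint;
        file "named.root";
    };
    zone "localhost" {
        type master;
        file "master/localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "master/localhost.rev";
    };

    // Internal copy of the zone: full host list, its own serial number.
    zone "example.com" {
        type master;
        file "master/internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;       // authoritative answers only for outside clients

    // External copy: separate file, separate serial, public hosts only.
    zone "example.com" {
        type master;
        file "master/external/example.com.zone";
    };
};
```

Once any view is defined, every zone statement has to live inside a view, which is why the hint and localhost zones are placed in the internal view here. `named-checkconf` will report a syntax error if a zone is left at the top level.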