Split DNS Configuration in BIND
Frank Bulk
frnkblk at iname.com
Mon May 30 21:09:10 UTC 2011
Point taken, and I should have mentioned that it's NAT in play.
I agree, it's a problem that not all firewalls can hairpin public IPs back
to their private IPs, but when working with what you got sometimes the
solution isn't ideal.
Frank
-----Original Message-----
From: Doug Barton [mailto:dougb at dougbarton.us]
Sent: Monday, May 30, 2011 2:19 PM
To: frnkblk at iname.com
Cc: 'babu dheen'; bind-users at lists.isc.org
Subject: Re: Split DNS Configuration in BIND
On 05/30/2011 09:15, Frank Bulk wrote:
> Not all firewalls can hairpin a public IP back to a private IP. We've
> had to do this, too.
First, firewalls don't do routing. :)
> Yes, we could have created a separate zone, but that would require
> training our staff to use one FQDN internally and another with the
> customers. Easier to teach one thing to the staff and push the
> complexity back on the configuration.
Second, s/configuration/DNS/, which I would argue is the wrong layer.
Solve routing problems at the routing layer. But I realize that there
are differing opinions on this.
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/