Internal clients' queries for "myhostname." get sent to forwarders. Why?
Andreas Ntaflos
daff at pseudoterminal.org
Mon Mar 10 22:05:47 UTC 2014
On 2014-03-10 22:23, Kevin Darcy wrote:
> Options:
First, thanks a lot for the reply! So it seems what I described is
indeed the expected behaviour for the type of DNS we operate?
> 1) Change nameservice-switch order (e.g. /etc/nsswitch.conf) on your
> hosts to prefer another source of name resolution (e.g. /etc/hosts)
> which can resolve the shortname. Thus DNS is never used for these lookups.
This might be a solution but I find that our DNS setup is just complex
enough that relying on /etc/hosts would probably introduce more
problems. Then there's managing /etc/hosts on hundreds of machines,
which we could of course do with Puppet, but I find that highly
unappealing. Currently we use Puppet to ensure /etc/hosts contains just
"127.0.0.1 localhost" and nothing else.
> 2) Simply :-) change your DNS architecture fundamentally, from one which
> forwards requests to the Internet by default (aka "the Microsoft way"),
> to one with an internal root zone and conditionally forwarding only
> those parts of the namespace that your internal clients actually need to
> see.
I confess that I didn't think there was any feasible way other than what
you call "the Microsoft way" to operate this kind of internal DNS. I
also don't think I've ever consciously heard of the setup you describe.
Can you point me to some reading material on what this entails and how
to get there?
Thanks again!
Andreas
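
Added example, not part of the original message: one way to measure how many single-label lookups such as "myhostname" reach a forward-by-default resolver, by scanning its query log. It assumes BIND query logging is enabled and that lines follow the usual `client <ip>#<port> (<name>): query: ...` layout; the sample lines, addresses and the `ignore` set are constructed for illustration.

```python
import re
from collections import Counter

# Assumed BIND 9 querylog layout; newer releases add an "@0x..." token
# after "client" and may add "view <name>:" before "query:".
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]*)\): (?:view \S+: )?query: \S+ IN (?P<qtype>\S+)"
)

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
10-Mar-2014 22:01:02.101 client 10.1.2.3#40211 (myhostname): query: myhostname IN A + (10.1.0.53)
10-Mar-2014 22:01:02.140 client 10.1.2.3#40212 (myhostname): query: myhostname IN AAAA + (10.1.0.53)
10-Mar-2014 22:01:03.007 client 10.1.2.9#51888 (www.example.org): query: www.example.org IN A + (10.1.0.53)
10-Mar-2014 22:01:04.530 client 10.1.2.9#51889 (db01): query: db01 IN A + (10.1.0.53)
10-Mar-2014 22:01:05.000 client 10.1.2.7#33000 (.): query: . IN NS + (10.1.0.53)
10-Mar-2014 22:01:06.250 client 10.1.2.7#33001 (localhost): query: localhost IN A + (10.1.0.53)
"""


def single_label_queries(lines, ignore=frozenset({"localhost"})):
    """Count (client IP, name) pairs whose query name has exactly one label.

    On a resolver that forwards by default and is not authoritative for the
    root, these are the lookups that get passed on to the forwarders.
    `ignore` holds single-label names the operator knows are answered locally.
    """
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line
        qname = m.group("qname").rstrip(".").lower()
        # Skip the root itself, multi-label names, and known-local names.
        if not qname or "." in qname or qname in ignore:
            continue
        hits[(m.group("ip"), qname)] += 1
    return hits


if __name__ == "__main__":
    report = single_label_queries(SAMPLE_LOG.splitlines())
    for (ip, name), count in report.most_common():
        print(f"{count:4d}  {ip:15s}  {name}")
```

Running the same count before and after a change to the nameservice-switch order or to the forwarding architecture shows whether the short-name lookups have actually stopped reaching the resolver.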