Unapproved AXFR?
Olmy
olmy at thistledown.org
Tue Dec 14 19:24:59 UTC 1999
> Most organizations don't want to have different zones. They want to use
> company.com internally and externally, but the external version will have a
> subset of the contents (just www.company.com, the MX record for
> company.com, etc., but not all the internal servers and workstations). So
> you need to have a server with multiple DNS configurations, or multiple
> servers (many of our customers have us host the external domain, and they
> have internal servers that aren't listed in delegations). Either way, you
> need to make sure that the overlapping names in the domains are kept
> consistent (e.g. www.company.com should work for both internal and external
> clients).
Also, there would be one other issue to consider: the external version
may also need to have dummy entries (forward and reverse) for
internal servers and workstations if there's not a proxy involved. If
those desktops want/need to access secure sites that require lookup/
reverse resolution (i.e. download a 128-bit IE or netscape, blah blah)
In this case, a stripped down subset might not be adequate. Hence a
situation where true split-dns might be required and where allow-query
might not be adequate ...
jeff
More information about the bind-users
mailing list