"split DNS"
Vu Pham ( Sivell )
vu at sivell.com
Sat Aug 5 08:28:34 UTC 2000
----- Original Message -----
From: "Kevin Darcy" <kcd at daimlerchrysler.com>
To: <bind-users at isc.org>
Sent: Friday, August 04, 2000 8:58 PM
Subject: Re: "split DNS"
>
> Split DNS, or "split namespace", is discussed in the _DNS_and_BIND_ book,
in
> the section on DNS and Firewalls.
>
> Basically, all "split DNS" is, is multiple instances of the same zone or
> zone(s). One nameserver instance serves one version of the zone, and
another
> instance serves a different version. Each instance serves a different user
> community, usually "external" versus "internal". Usually, the "external"
> version of the zone is a "shadow namespace" -- a subset of the internal
> version, which contains only those hosts and other resources which are
> externally accessible.
>
> The drawbacks with split DNS, as it is implemented today, are that you
need to
> a) run multiple nameserver instances, and b) maintain duplicates of the
> "global" data (data which must be visible to both internal and external
> users). The "views" mechanism of BIND 9 eliminates (a), by allowing you to
> load different versions of the same zone into a single instance and then
serve
> them to different sets of users. But you still have to maintain the global
> data -- that which must be visible in all views -- in multiple zonefiles,
> unless you play some sort of $INCLUDE tricks. Perhaps one day BIND will
> provide a way to "cascade" views so that you could just maintain the
global
> data in a single zonefile. One can only hope...
>
>
> - Kevin
>
Thanks for your explanation. I have some concepts now, & I will find that
book. The one I have is old ( 1994 ).
Vu Pham
More information about the bind-users
mailing list