Advice on Internal Domain Names

Paul T. Root proot at iaces.com
Thu Feb 3 18:57:19 UTC 2000 

In a previous message, Mark Taylor said:
> 
> Just a little question, as a follow on.
> 
> If I have a server called bob.intranet.foo.co.uk, and a branch call
> london.foo.co.uk.  Anyone on the intranet.foo.co.uk domain will be able to
> get bob by using http://bob
> 
> However, everyone on the london.foo.co.uk domain will have to use
> http://bob.intranet.foo.co.uk (as many people on here have said is the
> down-side to the scheme I'm trying to adopt).
> 
> My question is, is there anyway to put a pointer into the
> london.intranet.foo.co.uk zone file that points to bob.  I tried the
> following to no avail:
> 
> bob CNAME bob.intranet.foo.co.uk

You need a dot on the end so that the current domain isn't tacked on.
Also, if your client's resolvers can do a search list, you could but
intranet.foo.co.uk in your search list and then bob would resolve.



> 
> Any ideas (or this the cross I have due to the name scheme)?
> 
> Mark
> Check out this Free Web Mail that pays YOU MONEY
> http://themail.com/ref.htm?ref=139869
> 
> Mark Taylor wrote in message <873ie1$njk$1 at taliesin2.netcom.net.uk>...
> >Wow.
> >
> >Come back five days later and find a huge response.
> >
> >Thanks to everyone for their advice.  I think I will probabley stick to the
> >host.branch.intranet.foo.co.uk structure because, as Peter says, it will
> >allow for some common services.
> >
> >I'm not to worried about the long host name implication as most users will
> >be defaulted to localhost.branch.intranet.foo.co.uk, or
> >bigserver.intranet.foo.co.uk, and then use links to jump around (if they
> >ever need to).  And for those buggers that want their home page to be
> >www.big-girls-r-us.com, then they can put the servers in their favourites
> >:-)
> >
> >Thanks again
> >
> >Mark Taylor
> >
> >Kevin Darcy wrote in message <388F54CA.63B649C7 at daimlerchrysler.com>...
> >>Adam Augustine wrote:
> >>
> >>> [snip]
> >>>
> >>> Also, it is actually very simple to make a general distinction between
> >>> external and internal hosts for a web browser without going through all
> >the
> >>> exception list stuff even though they may be in the same DNS subdomain.
> >>>
> >>> The requirements are that the hosts are on different IP subnets (as they
> >>> typically are in this situation) and the other gotcha is that it uses a
> >DNS
> >>> check to distinguish external and internal, so it creates an extra
> lookup
> >>> for every host resolved (once for the check the client makes to see
> which
> >>> subnet the target host is on, and once for the firewall to actually
> >resolve
> >>> the address).
> >>
> >>An extra lookup for every URL is a *huge* performance hit on a stupid
> >Wintel
> >>desktop that doesn't cache its DNS lookups. Remember that a single page
> can
> >>have dozens of URL's; all those lovely images to automatically download.
> We
> >>experimented with this approach and were practically lynched by the pilot
> >user
> >>group, because it slowed their web access to a crawl. Just a word of
> >caution.
> >>
> >>Ran fine on my Solaris workstation, of course...
> >>
> >>
> >>- Kevin
> >>
> >>> -----Original Message-----
> >>> From: Ole Christensen [mailto:Ole.Christensen at post.uni2.dk]
> >>> Sent: Tuesday, January 25, 2000 4:52 PM
> >>> To: Jim Reid
> >>> Cc: comp-protocols-dns-bind at moderators.isc.org
> >>> Subject: Re: Advice on Internal Domain Names
> >>>
> >>> If you want your "internal" users to have access to "external"/"public"
> >>> webservers in the foo.co.uk domain AND "internal" webservers, you should
> >>> definitely not use the naming scheme 'host.foo.co.uk' for internal
> >>> servers. The reason for this is you will have to register the external
> >>> servers on both the external (outside/public) DNS as well as on the
> >>> internal, and that if you plan to use a http-proxy for external
> >>> web-access you will have to administrate a (limited length)
> >>> exception-list for servers that your users browsers should  access
> >>> directly rather than through the proxy.
> >>>
> >>> Whether or not you should use 'host.branch.intra.foo.co.uk' or only
> >>> 'host.branch.foo.co.uk' is (I think) a matter of personal taste and how
> >>> complicated you want your (and your users) life to  be.
> >>>
> >>> Regards,
> >>>
> >>> Ole Christensen
> >>>
> >>> Jim Reid wrote:
> >>> >
> >>> > >>>>> "Mark" == Mark Taylor <nobody at nowhere.com> writes:
> >>> >
> >>> >     Mark> Hi I want some advice on how to name my internal domains.
> >>> >     Mark> We have a registered Domain Name (foo.co.uk for this
> >>> >     Mark> example), and I need to break it down for my internal
> >>> >     Mark> branches.
> >>> >
> >>> >     Mark> This will put all our internet servers on "visible"
> >>> >     Mark> foo.co.uk.  Everything on our intranet will be "non-visible"
> >>> >     Mark> intranet.foo.co.uk.
> >>> >
> >>> >     Mark> Is this the recommend approach to naming internal domains ?
> >>> >
> >>> > I don't think there are any recommendations for this. The naming
> >>> > scheme you've suggested will work OK, but it's perhaps a bit
> >>> > clumsy. You'll end up with internal hostnames like
> >>> >         host.branch.intranet.foo.co.uk
> >>> > which is a bit of a handful. The extra typing could be a bit of a
> >>> > nuisance for the internal users.
> >>> >
> >>> > It might be better to just use host.branch.foo.co.uk internally unless
> >>> > you *really* want to include another domain name component to
> >>> > differentiate between external and internal hosts. [And if you do
> >>> > that, there might be subtle knock-on effects on your internal mail
> >>> > configuration, resolver setups and so on.] You could just use split
> >>> > DNS and have two versions of foo.co.uk: one for the outside world and
> >>> > one for the inside. The outside world doesn't get to see your internal
> >>> > name space. The internal foo.co.uk could even be a superset of the
> >>> > external one. Running the two foo.co.uk on different name servers is a
> >>> > good idea too. That way it's easier to seperate the two name spaces
> >>> > and prevent the internal names from leaking to the outside world.
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
> >
> >
> 
> 
> 
> 


-- 
I possess a mind not merely twisted, but actually sprained.

More information about the bind-users mailing list