Split DNS, Firewalls, Forwarders, etc

Nicholas Lee nj.lee at kiwa.co.nz
Thu Feb 3 20:25:13 UTC 2000


"Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
news:3899DA09.5400D9A at daimlerchrysler.com...
> No, "forwarders only" is a little bit of a misnomer: a server won't
> forward if it's authoritative for the answer or the answer is in its
> cache.
>

Although one issue worth noting I've discovered is given at
http://www.greatcircle.com/firewalls-book/errata.html (Pages 286-294).

The internal DNS server is not authoritative for internal sub-domains it's
delegated, and the external DNS probably doesn't know about the sub-domain
delegations.

I wonder if something like "forwarders only unless delegated subdomain;"
wouldn't work for that situation.


Nicholas