Need some advice!

Kevin Darcy kcd at daimlerchrysler.com
Thu Jan 6 01:04:25 UTC 2000


Adil Tahiri wrote:

> Hi guys
> We have a private IP network connected to the outside world using NAT.
> Currently we have an external DNS server (outside the firewall) acting as
> primary for our zones. The problem is we want to resolve internal names as
> well as external.
> Which approach would be better in this instance?
> 1. Install an internal DNS server and make it forward all unresolved queries
> to the external DNS.
> 2. Use the external DNS server for everything.
> Any other way of achieving this?
> Your help is really appreciated.

For security reasons, you'd probably not want to put your internal data on the
external host (although of course if you can separate your internal and
external data into subdomains, you can then apply access controls). Also, why
waste all of that DNS traffic through your firewall unnecessarily? But on the
other hand, having everything on fewer DNS servers, you save yourself some
maintenance. (Notice I said "fewer"; you really shouldn't have *everything* on
one server if you care about availability).


- Kevin
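
The two arrangements discussed in this thread, sketched as BIND `named.conf` fragments. This is an added example, not part of the original posts; the zone names, file names and addresses (`example.com`, `internal.example.com`, `10.0.0.0/8`, `192.0.2.53`, `192.0.2.1`) are constructed placeholders.

```conf
// ---- Internal server (option 1): authoritative for internal names, ----
// ---- forwards everything else to the external server                ----
acl "inside" { 10.0.0.0/8; localhost; };   // assumed private address range

options {
    directory "/var/named";
    allow-query { "inside"; };     // only internal clients may ask
    recursion yes;
    forwarders { 192.0.2.53; };    // external DNS server (placeholder address)
    forward only;                  // never query the Internet directly;
                                   // only one DNS path through the firewall
};

zone "internal.example.com" {
    type master;                   // answered locally, so internal data
    file "db.internal.example.com"; // never leaves the private network
};

// ---- External server (alternative): internal data kept in its own ----
// ---- subdomain on the outside host, protected by access controls   ----
acl "natted-inside" { 192.0.2.1; };  // address internal clients appear
                                     // from after NAT (placeholder)

zone "example.com" {
    type master;
    file "db.example.com";         // public records, open to everyone
};

zone "internal.example.com" {
    type master;
    file "db.internal.example.com";
    allow-query { "natted-inside"; };  // refuse queries from anyone else
    allow-transfer { none; };          // no zone transfers of internal data
};
```

In the second arrangement the external server only ever sees the NAT address, so the access control cannot distinguish individual internal hosts, and every internal lookup still crosses the firewall.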



