stoopid question - split dns

Kelly Scroggins kelly at cliffhanger.com
Mon Jul 31 13:11:50 UTC 2000


Quoting Mathias Koerber <mathias at staff.singnet.com.sg>:
   On Mon, 31 Jul 2000, Kelly Scroggins wrote:
   | I did say what I meant.  ?
   | 
   | How can I explain this to you?
   | 
   | I do not want all of my internal information to be
   | seen by the entire world (Internet).
   | 
   | I only want certain devices to be seen by the
   | entire world (Internet).
   | 
   | As I understand it, this is called split dns.
   | 
   | And I have concluded that the master server can
   | not be the server with the database that does not
   | have the full zone information in it.  i.e., the
   | server that's seen by the entire world (Internet).
   
   You will need two master servers, one that has the full
   inside zone, and one that has the outside zone with
   just a few records in it. Obviously, for the outside zone
   you will need slaves too (see RFC2182).

I have all of my machines behind the firewall.  Is
it possible to have two masters of the same domain
with this setup?  Is it even possible to have two
masters of a zone if there are name servers in the
dmz (outside the firewall)?
   
   You cannot operate any zone (whether inside or outside) 
   with just a slave. (note that the two zones will
   be distinct, though they have the same name !!)

[snip]

   | I have three servers.  One is the master and the
   | other two are the slaves.
   | 
   | One of the slaves is transferring zone info with
   | our ISP.  So that (slave) server CANNOT have a full copy
   | of my zone info in its database because I DO NOT
   | want all of my internal zone information to be
   | seen by the entire world (Internet).
   
   Sure, but please realize that you will have to manage two different zones,
   one for the inside and one for the outside. 

I maintain the two different databases already.

   Both need a master and slave(s) each.
   
Are you suggesting that the internal networks be
in a 'sub-zone'?  If so, I would like to avoid
this if possible.

Thanks,
kelly
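
Added example, not part of the original message: a small check that the outside copy of a split zone publishes only the intended names and no RFC 1918 addresses. The zone contents, the `example.com` names, the allowlist and the function names are all constructed for illustration, and owner names are compared exactly as written in the file.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also
# match documentation ranges such as 192.0.2.0/24 used below.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Yield (owner, rtype, rdata) from a simplified zone file.

    Handles ';' comments, optional TTL/class and inherited owner names;
    skips $ directives and does not handle parenthesised records.
    """
    owner = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():
            owner = fields.pop(0).lower()
        # Drop optional TTL and class before the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if owner and len(fields) >= 2:
            yield owner, fields[0].upper(), " ".join(fields[1:])

def audit_outside_zone(text, public_names):
    """Return findings for records the outside zone should not publish."""
    findings = []
    for owner, rtype, rdata in parse_zone(text):
        if owner not in public_names:
            findings.append((owner, rtype, "name not on public allowlist"))
        if rtype == "A" and any(ipaddress.ip_address(rdata) in n for n in RFC1918):
            findings.append((owner, rtype, "RFC 1918 address published"))
    return findings

# Constructed outside zone for example.com (not from the original post).
OUTSIDE_ZONE = """\
@      IN SOA ns1.example.com. hostmaster.example.com. 2000073101 3600 900 604800 3600
       IN NS  ns1.example.com.
ns1    IN A   192.0.2.53
www    IN A   192.0.2.10
build  IN A   10.1.2.3      ; inside-only host copied over by mistake
"""
PUBLIC_NAMES = {"@", "ns1", "www"}  # assumed list of intended public names

if __name__ == "__main__":
    for finding in audit_outside_zone(OUTSIDE_ZONE, PUBLIC_NAMES):
        print(finding)
```

Running it against the outside zone file before each reload catches inside records that were copied into the public database by mistake.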



