Two zones on one BIND server - one a subdomain of the other?
Manuel A. McLure
mmclure at mclure.org
Tue Jun 20 21:17:28 UTC 2000
Hi, I have the following situation.

I have a machine that is DSL connected to the internet, and to my internal
network (private IP addresses) - i.e. an IP masquerading gateway. So it has
two IP addresses, an external and an internal. It is the only machine on my
network guaranteed to be up 24/7.

I want it to provide primary DNS for a vanity domain (let's call it
foobar.org) and also provide a caching nameserver and DNS for the machines on
my internal network. So far so good.

Now comes the clincher: I want my external addresses to be xxxx.foobar.org
(all CNAME records pointing to the gateway) and visible to anyone on the
Internet. I want my internal machines to be xxxx.internal.foobar.org and *not*
visible to the Internet (since they are all using internal 10.1.1.x IP
addresses).

One possible solution is to run two BIND servers - a non-recursive one on the
external IP address and a recursive one on the internal IP address, but I'm
looking for a simpler solution. Can I use a single BIND server and access
control to do this? I'm thinking of something like the following in the
named.conf file:

    zone "foobar.org" {
        type master;
        file "foobar.org.db";
    };
    zone "internal.foobar.org" {
        type master;
        file "internal.foobar.org.db";
        allow-query { 10.1.1/24; };
        allow-transfer { 10.1.1/24; };
    };

I think that if my internal domain is not a subdomain of foobar.org it will
work, but I'm not sure if I'm forced to delegate if it's a subdomain.
Any suggestions?
Thanks!
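
Added example, not part of the original post and not BIND code: a small Python model of how the two zone statements above would be evaluated per query. It assumes the server answers from the most specific zone that encloses the query name and applies that zone's allow-query list (any client when none is set); it handles only IPv4 prefixes, does not model recursion or allow-transfer, and the client addresses and host names are constructed.

```python
import ipaddress
import re

# Constructed copy of the zone statements proposed in the post.
NAMED_CONF = '''
zone "foobar.org" { type master; file "foobar.org.db"; };
zone "internal.foobar.org" {
    type master; file "internal.foobar.org.db";
    allow-query { 10.1.1/24; };
    allow-transfer { 10.1.1/24; };
};
'''

def expand_prefix(prefix):
    """Expand BIND's short prefix form (10.1.1/24) to a full IPv4 network."""
    addr, _, bits = prefix.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (bits or "32"))

def parse_zones(conf):
    """Map zone name -> allow-query networks (None when the zone sets no ACL)."""
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"\s*\{', conf):
        depth, end = 1, m.end()
        while depth:  # walk to the brace that closes this zone statement
            depth += {"{": 1, "}": -1}.get(conf[end], 0)
            end += 1
        acl = re.search(r"allow-query\s*\{([^}]*)\}", conf[m.end():end])
        zones[m.group(1).lower()] = acl and [
            expand_prefix(p) for p in acl.group(1).replace(";", " ").split()]
    return zones

def decide(zones, client_ip, qname):
    """Assumed model: most specific enclosing zone wins, then its ACL applies."""
    client = ipaddress.ip_address(client_ip)
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in zones:
            acl = zones[zone]  # None models the default of allowing any client
            allowed = acl is None or any(client in net for net in acl)
            return zone, "answer" if allowed else "REFUSED"
    return None, "not authoritative"

ZONES = parse_zones(NAMED_CONF)

if __name__ == "__main__":
    # 203.0.113.7 and the host names are constructed sample values.
    for ip in ("10.1.1.20", "203.0.113.7"):
        for name in ("www.foobar.org", "nas.internal.foobar.org"):
            print(ip, name, decide(ZONES, ip, name))
```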