Two zones on one BIND server - one a subdomain of the other?

Kevin Darcy kcd at daimlerchrysler.com
Tue Jun 20 22:38:04 UTC 2000


You don't *have* to delegate. The only gotcha is that, in the absence of a
delegation, any internal slaves of "foobar.org" are going to believe that
"internal.foobar.org" is non-existent unless you give them explicit knowledge
otherwise, i.e. by defining the subzone as slave/stub/forward in their
configurations.

If and when you have a non-trivial number of internal slaves, the administration
and maintenance of all of those definitions may end up being more burdensome than
just setting up a "normal" split DNS in the first place.


- Kevin

mmclure at mclure.org wrote:

> Hi, I have the following situation.
>
> I have a machine that is DSL connected to the internet, and to my internal
> network (private IP addresses) - i.e. an IP masquerading gateway. So it has
> two IP addresses, an external and an internal. It is the only machine on my
> network guaranteed to be up 24/7.
>
> I want it to provide primary DNS for a vanity domain (let's call it
> foobar.org) and also provide a caching nameserver and DNS for the machines on
> my internal network. So far so good.
>
> Now comes the clincher: I want my external addresses to be xxxx.foobar.org
> (all CNAME records pointing to the gateway) and visible to anyone on the
> Internet. I want my internal machines to be xxxx.internal.foobar.org and *not*
> visible to the Internet (since they are all using internal 10.1.1.x IP
> addresses).
>
> One possible solution is to run two BIND servers - a non-recursive one on the
> external IP address and a recursive one on the internal IP address, but I'm
> looking for a simpler solution. Can I use a single BIND server and access
> control to do this? I'm thinking of something like the following in the
> named.conf file:
>
> zone "foobar.org" {
>         type master;
>         file "foobar.org.db";
> };
> zone "internal.foobar.org" {
>         type master;
>         file "internal.foobar.org.db";
>         allow-query { 10.1.1/24; };
>         allow-transfer { 10.1.1/24; };
> };
>
> I think that if my internal domain is not a subdomain of foobar.org it will
> work, but I'm not sure if I'm forced to delegate if it's a subdomain.
>
> Any suggestions?
> Thanks!
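As an added illustration (not configuration from either poster), here is the kind of explicit subzone definition Kevin refers to, written for an internal slave of "foobar.org"; the master's inside address 10.1.1.1 and the file paths are assumptions:

```conf
// Added example: named.conf fragment for an INTERNAL slave of foobar.org.
// Assumed: the gateway's inside address is 10.1.1.1; paths are illustrative.

options {
    directory "/var/named";
    // This slave only serves the internal network.
    allow-query { 10.1.1/24; 127.0.0.1; };
};

// Parent zone, slaved from the gateway. Because the master's copy of
// foobar.org carries no NS delegation for internal.foobar.org, this slave
// would otherwise answer NXDOMAIN for every *.internal.foobar.org name.
zone "foobar.org" {
    type slave;
    masters { 10.1.1.1; };
    file "slave/foobar.org.db";
};

// So the subzone is declared explicitly on every internal slave.
// "slave" keeps a full copy; the master's allow-transfer { 10.1.1/24; }
// already permits the zone transfer from inside addresses.
zone "internal.foobar.org" {
    type slave;
    masters { 10.1.1.1; };
    file "slave/internal.foobar.org.db";
};

// Lighter alternatives for the same subzone, instead of the slave block:
//
// zone "internal.foobar.org" {      // stub: only the subzone's NS records
//     type stub;                    // are kept, queries are then chased
//     masters { 10.1.1.1; };        // to the master
//     file "stub/internal.foobar.org.db";
// };
//
// zone "internal.foobar.org" {      // forward: nothing stored locally,
//     type forward;                 // every query is relayed to the master
//     forwarders { 10.1.1.1; };
// };
```

Whichever type is chosen, the definition has to be present on each internal slave, which is the per-server maintenance Kevin warns grows with the number of slaves.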
