Two zones on one BIND server - one a subdomain of the other?

Manuel A. McLure mmclure at mclure.org
Wed Jun 21 00:06:16 UTC 2000


That's not a problem, since I am not planning on running internal slaves to 
foobar.org.

Thanks!

In article <394FF24C.79AEB at daimlerchrysler.com>, Kevin Darcy 
<kcd at daimlerchrysler.com> wrote:
>You don't *have* to delegate. The only gotcha is that, in the absence of a
>delegation, any internal slaves of "foobar.org" are going to believe that
>"internal.foobar.org" is non-existent unless you give them explicit knowledge
>otherwise, i.e. by defining the subzone as slave/stub/forward in their
>configurations.
>
>If and when you have a non-trivial number of internal slaves, the administration
>and maintenance of all of those definitions may end up being more burdensome than
>just setting up a "normal" split DNS in the first place.
>
>
>- Kevin
>
>mmclure at mclure.org wrote:
>
>> Hi, I have the following situation.
>>
>> I have a machine that is DSL connected to the internet, and to my internal
>> network (private IP addresses) - i.e. an IP masquerading gateway. So it has
>> two IP addresses, an external and an internal. It is the only machine on my
>> network guaranteed to be up 24/7.
>>
>> I want it to provide primary DNS for a vanity domain (let's call it
>> foobar.org) and also provide a caching nameserver and DNS for the machines on
>> my internal network. So far so good.
>>
>> Now comes the clincher: I want my external addresses to be xxxx.foobar.org
>> (all CNAME records pointing to the gateway) and visible to anyone on the
>> Internet. I want my internal machines to be xxxx.internal.foobar.org and *not*
>> visible to the Internet (since they are all using internal 10.1.1.x IP
>> addresses).
>>
>> One possible solution is to run two BIND servers - a non-recursive one on the
>> external IP address and a recursive one on the internal IP address, but I'm
>> looking for a simpler solution. Can I use a single BIND server and access
>> control to do this? I'm thinking of something like the following in the
>> named.conf file:
>>
>> zone "foobar.org" {
>>         type master;
>>         file "foobar.org.db";
>> };
>> zone "internal.foobar.org" {
>>         type master;
>>         file "internal.foobar.org.db";
>>         allow-query { 10.1.1/24; };
>>         allow-transfer { 10.1.1/24; };
>> };
>>
>> I think that if my internal domain is not a subdomain of foobar.org it will
>> work, but I'm not sure if I'm forced to delegate if it's a subdomain.
>>
>> Any suggestions?
>> Thanks!
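For the single-server setup discussed in this thread, the following is an added named.conf example; it is not Manuel's or Kevin's configuration and not from the original posts. It assumes the gateway's internal interface is 10.1.1.1 and the internal LAN is 10.1.1.0/24; EXTERNAL-SECONDARY-IP is a placeholder for a real secondary. It adds the access controls a defender would want beside the two zones: recursion limited to internal clients (so the external interface is not an open resolver) and zone transfers denied by default. The commented block at the end shows the slave-side definition Kevin's caveat refers to.

```conf
// Added example (not from the thread). One named serving a public zone and a
// private subzone on the same server. Assumed addresses: 10.1.1.1 is the
// gateway's internal interface, 10.1.1.0/24 the internal LAN.

acl "internal-net" { 10.1.1.0/24; 127.0.0.1; };

options {
    directory "/var/named";
    // Recursion only for internal clients: the externally reachable
    // interface must not act as an open resolver for the Internet.
    allow-recursion { "internal-net"; };
    // No zone transfers unless a zone statement explicitly allows them.
    allow-transfer { none; };
};

// Public zone, answerable by anyone. Transfers only to the listed secondary.
zone "foobar.org" {
    type master;
    file "foobar.org.db";
    allow-transfer { EXTERNAL-SECONDARY-IP; };   // placeholder, not a real address
};

// Private subzone. No delegation from foobar.org is needed on this server:
// named answers from the most specific zone it is authoritative for.
// Note the caveat: an external client asking for a name under
// internal.foobar.org receives REFUSED rather than NXDOMAIN, which reveals
// that the subzone exists even though its contents stay hidden.
zone "internal.foobar.org" {
    type master;
    file "internal.foobar.org.db";
    allow-query { "internal-net"; };
    allow-transfer { "internal-net"; };
};

// Kevin's caveat, on any *internal slave* of foobar.org (a different host):
// without a delegation the slave has no way to learn that internal.foobar.org
// exists, so it must be told explicitly, for example as a slave of the subzone:
//
// zone "internal.foobar.org" {
//     type slave;
//     masters { 10.1.1.1; };          // assumed master address
//     file "internal.foobar.org.bak";
//     allow-query { "internal-net"; };
// };
```

With BIND 9, named-checkconf validates the syntax of this file before it is loaded. The allow-query ACL is what keeps the private subzone from being answered externally; the allow-recursion and default allow-transfer settings are not required for the split itself but are the settings most often missed when one server faces both networks.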



More information about the bind-users mailing list