Question

Kevin Darcy kcd at daimlerchrysler.com
Mon Nov 6 23:50:14 UTC 2000


joe wrote:

> I have 2 DNS servers running on an inside segment. They run fine.
> I have 2 DNS servers running on an outside segment. They run just fine
> as well. If I have hosts set up on a DMZ segment do I need to dedicate
> another DNS just for that segment? I would think I would just use the
> external DNS to do this? Is that right? Is this what's called a
> split-DNS? Any feedback appreciated.

As long as all of the hosts which need to resolve the DMZ names can
resolve them from the external DNS server, and you don't particularly
care that the Internet at large can also resolve those names, then you
should just be able to put them into your external DNS. If you want to
"hide" the names, then you could put them in a subzone and restrict
queries of that zone.

Split DNS would only apply if you wanted the same names in two different
DNS'es. This might be a possibility if you also want *internal* hosts to
be able to resolve the DMZ names and the names are in a zone which is
defined to the internal nameservers (nameservers won't forward queries
for any zones for which they consider themselves authoritative). In that
case, you'll have to maintain those names in the internal as well as the
external DNS.


- Kevin
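
The subzone-with-restricted-queries option described in the reply above, sketched as a BIND `named.conf` fragment for the external server. This is an added example, not configuration from either poster: the zone names (`example.com`, `dmz.example.com`), the ACL name, the file names and all addresses are constructed placeholders.

```conf
// External (Internet-facing) nameserver, named.conf fragment.
// All names and addresses below are constructed for illustration.

// Hosts that are allowed to resolve the DMZ names.
acl "dmz-clients" {
    192.0.2.0/24;       // the DMZ segment itself (assumed)
    198.51.100.10;      // firewall / proxy that must reach DMZ hosts (assumed)
};

// Public zone: resolvable by the Internet at large.
zone "example.com" {
    type master;
    file "db.example.com";
    allow-query { any; };
};

// DMZ names live in their own subzone so that access can be
// controlled separately from the public zone. The parent zone
// delegates dmz.example.com with NS records as usual.
zone "dmz.example.com" {
    type master;
    file "db.dmz.example.com";
    allow-query    { "dmz-clients"; };  // everyone else is refused
    allow-transfer { none; };           // no zone transfers of the hidden names
};

// Split-DNS case from the second paragraph of the reply: if the
// INTERNAL servers are authoritative for example.com, they will not
// forward queries for it, so the DMZ names must also be maintained
// in the internal copy of the zone data, e.g. on the internal server:
//
// zone "example.com" {
//     type master;
//     file "db.example.com.internal";  // includes the DMZ host records
// };
```

Clients outside the ACL receive a REFUSED response for names in the subzone. The restriction is by source address only, so it hides the records from outside queries but does nothing to protect the hosts themselves.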



