Split DNS and FAQ

Kevin Darcy kcd at daimlerchrysler.com
Fri Apr 6 18:56:59 UTC 2001


Okay, after reading that FAQ entry *in*context*, I see that they're
talking about a split DNS setup with the "private" DNS forwarding to a
"public" DNS. I configure things differently: I run both the private and
public instances on the firewall, with the public instance non-recursive
and the private instance configured like a normal caching server except
with apex stub zones for the internal domains. Remember, of course, that
with a proxy-type firewall (as we have), there is very little reason for
normal internal clients to have to resolve Internet addresses. The
"private" instance is mainly for the use of the firewalls themselves.

I suppose if your "private" DNS were behind the firewall and unable to
contact other nameservers on the Internet, you might *have* to forward,
for it to be able to resolve Internet names. In which case, both of
those "should"s are still inappropriate, since you have no choice in the
matter.


- Kevin

Adam Lang wrote:

> http://www.dns.net/dnsrd/
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
> ----- Original Message -----
> From: "Kevin Darcy" <kcd at daimlerchrysler.com>
> To: <bind-users at isc.org>
> Sent: Thursday, April 05, 2001 5:05 PM
> Subject: Re: Split DNS and FAQ
>
> >
> > Adam Lang wrote:
> >
> > > I read this section in the FAQ:
> >
> > Which FAQ?
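
An added illustration of the layout described in the message above, not configuration from the original post or from any poster's site: two `named` instances on the firewall host, shown as two separate files in one block. All addresses, zone names and file paths are assumed placeholders.

```conf
# ---- File 1: /etc/named-public.conf (assumed path), the "public" instance ----
options {
    directory "/var/named/public";
    pid-file "/var/run/named-public.pid";
    listen-on { 192.0.2.1; };          // external interface only (placeholder address)
    recursion no;                      // non-recursive: answers only for its own zones
    allow-transfer { none; };          // open up only to known secondaries
};

zone "example.com" {                   // externally visible view of the domain
    type master;
    file "db.example.com.public";
};

# ---- File 2: /etc/named-private.conf (assumed path), the "private" instance ----
options {
    directory "/var/named/private";
    pid-file "/var/run/named-private.pid";
    listen-on { 127.0.0.1; 10.0.0.1; };       // loopback and internal interface
    recursion yes;                            // normal caching server, no forwarders
    allow-query { 127.0.0.1; 10.0.0.0/8; };   // the firewall itself and internal hosts
    allow-recursion { 127.0.0.1; 10.0.0.0/8; };
};

zone "." {                             // root hints, so Internet names resolve iteratively
    type hint;
    file "named.root";
};

// Apex stub zones: the NS set for each internal domain is learned from the
// internal nameservers, so those names never follow the public delegation.
zone "corp.example.com" {
    type stub;
    masters { 10.1.1.53; 10.1.2.53; };        // internal nameservers (placeholders)
    file "stub.corp.example.com";
};

zone "10.in-addr.arpa" {               // matching reverse zone for internal addresses
    type stub;
    masters { 10.1.1.53; 10.1.2.53; };
    file "stub.10.in-addr.arpa";
};
```

Each instance is started with its own file (`named -c <file>`), and the firewall's own resolver configuration points at the private instance's loopback address.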




