administrating BIND with Private IPs

Kevin Darcy kcd at daimlerchrysler.com
Thu Feb 22 23:20:38 UTC 2001


You should *never* put private IP addresses in the public DNS.

Stick with what you're already doing. Your "fake domain" setup is
actually just an implementation of "split DNS", and it is exactly how
this situation should be addressed. What don't you like about it?

One thing to be aware of is that if you want your internal clients to see
both the "fake" (internal) and "real" (external) DNS names in your zones,
you'll have to maintain those names in *both* copies. Unfortunately,
there's really no way around that.


- Kevin

Maximo Ramos wrote:

> Hi ... It was hard trying to put a descriptive subject :)
>
> My situation:
>
> My domain is:  domain.com
>
> with two name servers:
>
> NS1     some remote machine
> NS2     my machine here
>
> in NS2 I have a small network, with some machines with private IP
> addresses, and NS2 is fetching the dns information from NS1 (it's the
> slave)
>
> Now, is it right to put such info in my db.domain.com like this???:
>
> <Real.IP.Address>       IN A    host.domain.com
> <Real.IP.Address>       IN A    host2.domain.com
> 192.168.1.5             IN A    fake.domain.com (in my LAN)
> 192.168.1.6             IN A    fake2.domain.com (in my LAN)
>
> I can't figure out how I can prevent somebody who may try to resolve
> fake.domain.com and receive such a private address.
>
> I'd like people outside to be able to resolve host.domain.com and
> host2.domain.com, and leave the 192.168.1.X info for my LAN
> exclusively (eth1)
>
> Right now, in NS2 I have a fake domain for my fake machines in my LAN,
> but I don't like this solution.
>
> Gee! It is really hard to explain what I am trying to do, I am not a
> native speaker of English :(
>
> Hope somebody here gets the idea ........
>
> --
> ----------------------------------------------------
> Maximo Ramos
> From The Land of The Morning Calm
> "I am free of prejudices. I hate everyone equally."
> ----------------------------------------------------
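
Added example, not part of either message and not BIND's own tooling: a check a split-DNS operator could run over both copies of the zone, flagging RFC 1918 addresses in the external copy and public names missing from the internal one. The zone text, the 203.0.113.x addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample zone data: names and 192.168.1.x values follow the thread,
# 203.0.113.x (documentation range) stands in for <Real.IP.Address>.
EXTERNAL_ZONE = """\
$ORIGIN domain.com.
host    IN A 203.0.113.10
host2   IN A 203.0.113.11
fake    IN A 192.168.1.5   ; mistake: private address in the public copy
"""
INTERNAL_ZONE = """\
$ORIGIN domain.com.
host    IN A 203.0.113.10
fake    IN A 192.168.1.5
fake2   IN A 192.168.1.6
"""

# Explicit RFC 1918 list; ipaddress.is_private would also flag 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def a_records(zone_text):
    """Map owner name -> list of addresses for one-line A records."""
    records, owner = {}, None
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0]          # drop comments
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue                          # blank line or $ORIGIN/$TTL
        if not line[0].isspace():
            owner = fields[0].lower()         # indented lines reuse the last owner
        if owner and len(fields) >= 2 and fields[-2].upper() == "A":
            records.setdefault(owner, []).append(ipaddress.ip_address(fields[-1]))
    return records

def private_leaks(external):
    """Names in the external copy that resolve to an RFC 1918 address."""
    return sorted(name for name, addrs in external.items()
                  if any(a in net for a in addrs for net in RFC1918))

def missing_internally(external, internal):
    """Names in the external copy that the internal copy does not carry."""
    return sorted(set(external) - set(internal))

if __name__ == "__main__":
    ext, internal = a_records(EXTERNAL_ZONE), a_records(INTERNAL_ZONE)
    print("private addresses in external copy:", private_leaks(ext))
    print("public names missing from internal copy:", missing_internally(ext, internal))
```

The parser handles only single-line A records; multi-line records and `$INCLUDE` are outside what this sketch covers.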




