New "Split DNS" server walk-through available!

Kevin Darcy kcd at daimlerchrysler.com
Mon Jul 2 21:33:43 UTC 2001


1) You claim that this document is unique because it's "designed around a
single NIC server". But the only "unique" part of it is that you toss in an
explanation of how to configure a virtual interface. BFD. This is common
knowledge. The rest of the document is really no different than a regular
"multiple-NIC" Split DNS HOWTO. From a DNS/BIND standpoint, interfaces are
interfaces. Whether they are virtual or not is pretty much irrelevant.

2) The document is basically stillborn, given the "view" mechanism in BIND 9.
Although you don't clearly mention it, this document (given the references to
rndc and dnssec-keygen) *requires* BIND 9, so why not use the "view" mechanism
of that version instead of the blecherous, old-fashioned multiple-instance
methodology?

3) Why on earth have the internal instance forward to the external instance?
This ruins the whole goal of making a strict separation between recursive and
non-recursive services. Also, it means you're going to increase your memory
usage by caching some of the same entries in *both* instances. Just configure
your internal instance with an Internet root hints file and master/slave/stub
zones for all of your internal domains. There's nothing about split DNS that
inherently requires forwarding, and for all of the usual reasons, forwarding
should generally be avoided.


- Kevin

Andon M. Coleman wrote:

> I have just written a walk-through that explains how to run a "Split DNS"
> setup on a machine with only one NIC... It applies to machines with two or
> more NICs also, but this tutorial is unique in that it's designed around a
> single NIC server.
>
> For those of you who don't know, a "Split DNS" setup is one that gives a
> different response for a query based on where the query came from...
> Unfortunately, BIND does not have this capability built-in yet, so you have
> to run two instances of BIND at once. Which becomes complicated, and having
> only one NIC complicates things even more...
>
> This walk-through explains how to configure your DNS server using BIND so
> that machines from your internal network get a different answer than
> external machines when querying your primary domain... (i.e.
> NULL.nothing-inc.com == 192.168.1.101 when queried internally, however, when
> queried externally NULL.nothing-inc.com == 207.30.182.123)
>
> Anyway, the walk-through is available at:
>     http://DNS.nothing-inc.com
>
> Please let me know how it works... I haven't had time to proofread it even.
>
> Thanks,
> Andon M. Coleman
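As an added illustration of point 2 above (not code from the walk-through, from either poster, or from BIND's own documentation), here is what the same split setup looks like as a single BIND 9 `named.conf` using views. Names and addresses follow the quoted post; the `internal-nets` ACL range, the `directory` path and the zone file names are assumptions for the example.

```conf
// Added example: one named process, two views, no forwarding between them.
// ACL range, directory and file names are assumed for illustration.

acl "internal-nets" {
    127.0.0.0/8;
    192.168.1.0/24;     // assumed internal LAN
};

options {
    directory "/var/named";     // assumed path
    // A single NIC is fine: views are chosen by client source address,
    // not by which interface the query arrived on.
    listen-on { any; };
    allow-transfer { none; };
};

// Views are tried in order; the first whose match-clients matches wins,
// so the internal view must come before the catch-all external one.

// Internal view: recursive resolver for the LAN, resolving from the
// Internet roots itself rather than forwarding to the external side.
view "internal" {
    match-clients { internal-nets; };
    recursion yes;
    allow-query { internal-nets; };

    zone "." {
        type hint;
        file "root.hints";
    };

    // Internal copy of the zone: NULL.nothing-inc.com -> 192.168.1.101
    zone "nothing-inc.com" {
        type master;
        file "nothing-inc.com.internal";
    };
};

// External view: authoritative only, never recurses for outside clients.
view "external" {
    match-clients { any; };
    recursion no;
    allow-query { any; };

    // External copy of the zone: NULL.nothing-inc.com -> 207.30.182.123
    zone "nothing-inc.com" {
        type master;
        file "nothing-inc.com.external";
    };
};
```

The two zone files carry the same owner names with different A records, which is the whole of the "different answer per source" behaviour; each view also keeps its own cache, so nothing is duplicated the way it is when two instances forward to each other. After loading, querying `NULL.nothing-inc.com` against the server from a 192.168.1.x host and from an outside host should return the two different addresses, and a recursive query for an unrelated name from outside should be refused.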





More information about the bind-users mailing list