New "Split DNS" server walk-through available!

Charles Bodley Bodley at tflogic.com
Mon Jul 2 21:55:19 UTC 2001


Since this walk-through apparently does not do that great a job, where,
would you say, is the best walk-through for split DNS?

> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Kevin Darcy
> Sent: Monday, July 02, 2001 5:34 PM
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: New "Split DNS" server walk-through available!
>
>
>
> 1) You claim that this document is unique because it's "designed around a
> single NIC server". But the only "unique" part of it is that you toss in an
> explanation of how to configure a virtual interface. BFD. This is common
> knowledge. The rest of the document is really no different than a regular
> "multiple-NIC" Split DNS HOWTO. From a DNS/BIND standpoint, interfaces are
> interfaces. Whether they are virtual or not is pretty much irrelevant.
>
> 2) The document is basically stillborn, given the "view" mechanism in BIND 9.
> Although you don't clearly mention it, this document (given the references to
> rndc and dnssec-keygen) *requires* BIND 9, so why not use the "view" mechanism
> of that version instead of the blecherous, old-fashioned multiple-instance
> methodology?
>
> 3) Why on earth have the internal instance forward to the external instance?
> This ruins the whole goal of making a strict separation between recursive and
> non-recursive services. Also, it means you're going to increase your memory
> usage by caching some of the same entries in *both* instances. Just configure
> your internal instance with an Internet root hints file and master/slave/stub
> zones for all of your internal domains. There's nothing about split DNS that
> inherently requires forwarding, and for all of the usual reasons, forwarding
> should generally be avoided.
>
>
> - Kevin
>
> Andon M. Coleman wrote:
>
> > I have just written a walk-through that explains how to run a "Split DNS"
> > setup on a machine with only one NIC... It applies to machines with two or
> > more NICs also, but this tutorial is unique in that it's designed around a
> > single NIC server.
> >
> > For those of you who don't know, a "Split DNS" setup is one that gives a
> > different response for a query based on where the query came from...
> > Unfortunately, BIND does not have this capability built-in yet, so you have
> > to run two instances of BIND at once. Which becomes complicated, and having
> > only one NIC complicates things even more...
> >
> > This walk-through explains how to configure your DNS server using BIND so
> > that machines from your internal network get a different answer than
> > external machines when querying your primary domain... (i.e.
> > NULL.nothing-inc.com == 192.168.1.101 when queried internally, however, when
> > queried externally NULL.nothing-inc.com == 207.30.182.123)
> >
> > Anyway, the walk-through is available at:
> >     http://DNS.nothing-inc.com
> >
> > Please let me know how it works... I haven't had time to proof read it even.
> >
> > Thanks,
> > Andon M. Coleman
>
>
>
>
>
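
The single-instance layout that points 2 and 3 of the quoted reply describe, sketched as a BIND 9 named.conf. This is an added example, not taken from the walk-through or from either poster; the 192.168.1.0/24 internal range, the ACL name, the directory and the zone file names are assumptions.

```conf
// Assumed internal address range; the thread only gives 192.168.1.101.
acl "inside" { localhost; 192.168.1.0/24; };

options {
    directory "/var/named";        // assumed path
    // No "forwarders" statement: the internal view resolves
    // from the root hints itself instead of forwarding.
};

// Views are tried in order and the first match wins,
// so the narrower internal view must come first.
view "internal" {
    match-clients { "inside"; };
    recursion yes;                 // recursive service for inside clients only

    zone "." {
        type hint;
        file "named.root";         // Internet root hints (assumed file name)
    };

    // Internal copy of the zone, e.g. NULL.nothing-inc.com -> 192.168.1.101
    zone "nothing-inc.com" {
        type master;
        file "internal/nothing-inc.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                  // authoritative-only toward the Internet

    // External copy of the zone, e.g. NULL.nothing-inc.com -> 207.30.182.123
    zone "nothing-inc.com" {
        type master;
        file "external/nothing-inc.com.zone";
    };
};
```

Once any view is defined, every zone statement has to sit inside a view, and `named-checkconf` will reject the file otherwise.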



