Help! DNS Config Inquiry

[Kevin Darcy]

Barry Margolin wrote:

> In article <9iksrl$acq at pub3.rc.vix.com>,
> Chris Coddington <chriscoddington at hotmail.com> wrote:
> >
> >I'm new to subdomains, so I'm not sure which config is the best for my
> >situation.  This is what I want to accomplish:
> >
> >x-y-z
> >
> >x= Master DNS Server housing parent domain mydomain.com
> >y= Firewall
> >z= Secondary/Master DNS Server(?) secondary to server "x" but Master
> >to a new subdomain.mydomain.com
> >
> >I don't want subdomain.mydomain.com to be known to anyone outside the
> >firewall by digging server "x".  Is this config possible?
>
> Configure all the client machines behind the firewal to use z as their
> nameserver.  Make z a master for subdomain.mydomain.com zone on z, but
> don't mention it at all on y.  Configure z as a slave for mydomain.com.

All other internal nameservers -- if any -- would also have to have explicit
knowledge of subdomain.mydomain.com (e.g. configured as slave/stub/forward for the
zone). At a certain point, this may be too cumbersome to administer, and it may
make more sense to maintain a internal version of the mydomain.com on z in
parallel with the external version, with the internal version having a delegation
for subdomain.mydomain.com. This architecture would also better accommodate the
addition of other internal-only subdomains.


- Kevin