need Setup info for 2 DNS servers

Kevin Darcy kcd at daimlerchrysler.com
Fri Jun 15 20:30:55 UTC 2001


Jeff Donovan wrote:

> Hi Kevin,
> thanks for the reply.
>
> >
> >
> >>  Here is what I'm looking at doing:
> >>
> >>  (( iNet ))
> >>          |
> >>          |______{global access DNS}
> >>          |
> >>  [firewall]
> >>          |
> >>          |
> >>          {Internal access DNS/mail}
> >>
> >>  What I would like to do is have all of my clients query the internal
> >>  server for dns and mail. The rest of the world would see the external
> >>  box. But I'm not sure how to configure these two machines to dance
> >>  together.
>   you'll have to excuse my ignorance.
>
> The internal network will be a combination of NAT and real IPs.
>
> >Just set up the external box(es) as slave(s) to the internal one.
>
> So my internal DNS box is the primary server (hidden master) and it
> holds the authoritative info for my domain. The external box is then
> set up as a slave (external master?).
> Is the term "slaves" the type of configuration? It is this term /
> configuration that I am unfamiliar with.
>
> I can lookup the "howto" in dns & bind. Is "setting up slave servers"
> what it's called?
> What is different about setting up a slave DNS compared to a
> standalone primary DNS?
>
> >  If for
> >some reason your offsite slave can't get zone transfers directly from your
> >hidden master, then you could "chain" that slave off your "fake
> >master" slave, but that might slow down your change-propagation somewhat.
>
> Thanks for your input.

"slave" is just the more modern term for "secondary", and it's also the zone
type that you would specify in named.conf. Your external boxes would replicate
the zone(s) from the internal master (aka "primary"). The reason the master is
referred to as "hidden" in this case is because there is no NS record
referring to it. The rest of the world doesn't know who the real master is and
doesn't *need* to know. They get all of the information they need from the
externally-accessible slaves.

Alternatively, if you don't mind allowing external boxes to query the real
master, you could just configure things "normally" and pass the queries in and
responses out. "Hidden master" is for the situation where you don't want to,
or cannot, allow the master to be accessed from the outside.


- Kevin
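
A configuration sketch of the hidden-master arrangement described in this reply, added as an example and not part of the original message. The zone name example.com, the file names, and the addresses (external slave at 192.0.2.53, master reachable from the slave at 192.0.2.10) are assumed placeholders.

```conf
// ---- named.conf on the internal box (hidden master) ----
// Assumption: the external slave is 192.0.2.53 and it reaches this
// master at 192.0.2.10, either directly or through a firewall forward.
zone "example.com" {
    type master;
    file "db.example.com";
    // Only the external slave may pull the zone; nobody else gets AXFR.
    allow-transfer { 192.0.2.53; };
    // Push change notifications to the slave so it refreshes promptly.
    notify yes;
    also-notify { 192.0.2.53; };
};

// ---- named.conf on the external box (publicly visible slave) ----
zone "example.com" {
    type slave;
    file "bak.example.com";
    // The real master is named only here, never in public DNS data.
    masters { 192.0.2.10; };
    // Refuse onward transfers unless another slave is chained off this one.
    allow-transfer { none; };
};

; ---- db.example.com on the master (excerpt, zone-file syntax) ----
; The NS records name only the external server. The master has no NS
; record, which is what makes it "hidden".
$TTL 86400
@    IN SOA ns1.example.com. hostmaster.example.com. (
            2001061501 ; serial, must increase on every change
            3h         ; refresh
            1h         ; retry
            1w         ; expire
            1h )       ; negative-caching TTL
     IN NS  ns1.example.com.
ns1  IN A   192.0.2.53

; Firewall rules this layout needs (and nothing more for DNS):
;   slave  -> master : UDP and TCP port 53 (SOA checks and zone transfer)
;   master -> slave  : UDP port 53 (NOTIFY)
```

Internal clients point their resolvers at the internal box, while the delegation at the parent zone lists only the external server.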



