Split DNS / VPN Split tunnelling
laura.l.herndon at accenture.com
Tue Nov 13 21:39:05 UTC 2001
We currently have a split DNS architecture where our public zone is
different from our internal zone. We are planning to implement VPN with
split tunnelling, and foresee the following problem - DNS requests will be
'shotgunned' out both connections and both servers will respond with
different information (especially in the case of internally accessible only
devices in the 10.x.x.x range).
As far as I can tell, DNS accepts the first response it gets back. We're
so far not able to view the IPSec traffic created by the VPN client, so I
don't know if the two requests have the same request number in them. I'd
like to know how the resolver handles getting two different responses
(nonexistent host from the external NS and the IP from the internal NS).
Any insight would be helpful - reading the RFCs hasn't really provided any
insight (and I suspect this is not a common situation) and we'd like to
find a way to do this without going to a single domain model (which is
guaranteed to cause us many, many headaches).
Thanks,
Laura
Laura L. Herndon
Accenture - CIO Technology Services - Network Services - Data Network
Optimization
Phone: 214-672-4048  Cellular: 214-893-5383  Numeric Pager: 888-352-0578
Text Pager: 8883520578 at airmessage.net  email: laura.l.herndon at accenture.com
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you have
received it in error, please notify the sender immediately and delete the
original. Any other use of the email by you is prohibited.
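As an added illustration, not part of Laura's message or of any bind-users reply, the following Python models a stub resolver receiving the two replies the post describes: it accepts the first reply whose transaction ID and question section match the outstanding query and drops everything else, so which answer "wins" depends only on which server replies first. The hostname and the 10.1.2.3 address are constructed values.

```python
import struct

def build_question(txid, name, qtype=1):
    """Build a minimal DNS query (RD set, one question, class IN)."""
    hdr = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return hdr + qname + struct.pack(">HH", qtype, 1)

def build_response(query, rcode, addr=None):
    """Answer a query: rcode 3 = NXDOMAIN (no answer), rcode 0 with an A record."""
    txid = struct.unpack(">H", query[:2])[0]
    flags = 0x8180 | rcode          # QR, RD, RA bits plus the response code
    ancount = 1 if addr else 0
    hdr = struct.pack(">HHHHHH", txid, flags, 1, ancount, 0, 0)
    body = query[12:]               # echo the question section unchanged
    if addr:
        # name pointer to offset 12, type A, class IN, TTL 60, rdlength 4, address
        body += struct.pack(">HHHIH", 0xC00C, 1, 1, 60, 4)
        body += bytes(int(o) for o in addr.split("."))
    return hdr + body

def parse_response(msg):
    txid, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    addr = ".".join(str(b) for b in msg[-4:]) if an else None
    return {"id": txid, "rcode": flags & 0xF, "addr": addr}

def stub_resolve(query, replies):
    """Model of a stub resolver: replies arrive in list order; the first one whose
    transaction ID and question match the outstanding query is accepted, any
    later (or mismatched) reply is silently discarded."""
    qid = struct.unpack(">H", query[:2])[0]
    for msg in replies:
        r = parse_response(msg)
        if r["id"] == qid and msg[12:len(query)] == query[12:]:
            return r
    return None

if __name__ == "__main__":
    q = build_question(0x1234, "intranet.example.com")   # constructed name
    external = build_response(q, 3)                       # public NS: NXDOMAIN
    internal = build_response(q, 0, "10.1.2.3")           # internal NS: RFC1918 A
    print("external first:", stub_resolve(q, [external, internal]))
    print("internal first:", stub_resolve(q, [internal, external]))
```

Because both servers see the same query and copy its transaction ID into their reply, ID matching alone cannot tell the two answers apart; the only difference between the runs above is arrival order.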