Split DNS questions

[Kevin Darcy]

jeff donovan wrote:

> >
> >Basically. But be aware that you're going to have to maintain parallel
> >versions of your internal zones on each server, with the internal
> >version of the zone being a superset of the external version. Forwarding
> >is granular only to the zone level, so if your internal server is
> >authoritative for, say, example.com, it will never query any other
> >nameserver for any name in example.com. This implies that all of your
> >external names will need to appear in the internal version of the zone
> >as well as all of the "private" names.
> Ok,...that doesn't seem to be a to big of a problem, other than
> having to maintain two sites.
>
> The Internal zone hosting private address space and global addresses
> and
> The External server just hosting the global addresses
>
> my question is, how do I set the external server to accept forward
> requests that the Internal server can not resolve ( eg,..www.isc.org
> , internal client points to internal dns, the query should forward to
> the external server right? )
>
> Is there something special i need to set on the external server to
> accept the queries from the internal server, I know you mentioned
> "allow-recursion".
> would this work;
>
> options {
>          allow-recursion { My_Internal_DNS };
> };

Yes, allow-recursion takes either individual IP addresses, or whole ranges,
e.g. 192.168/16.


- Kevin