Step-by-step guide on setting up a split DNS

Simon Hobson shobson0309 at colony.com
Wed Oct 22 08:23:09 UTC 2003


George Mansoor wrote:

>Is there a step-by-step guide to setting up a split dns?

This is something I'm in the middle of setting up here (with the help 
of this list and the "DNS & BIND" book) ... Here is one particularly 
useful reply I had:

>From: Jonathan de Boyne Pollard <J.deBoynePollard at tesco.net>
>Date: Tue, 09 Sep 2003 13:30:17 +0100
>
>This is "split horizon" DNS service with multiple databases,
>one of the ways of setting up "split horizon" DNS service.
>
><URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon.html#MultipleDatabases>
>
><snip>
>The important point to remember is that client differentiation
>at content DNS servers, such as "views", operates based upon the
>IP address of the resolving proxy DNS server, not upon the IP
>address of the original DNS client.  In other words, your "views"
>must be based upon the IP addresses of the (back ends of the)
>proxy DNS servers that your administrators are running, not upon
>the IP addresses of the machines that they themselves are providing
>DNS service to.

Also, in the DNS & BIND book, look up "views" in the index. In the 
Fourth Edition (don't know if that's the latest) there are three 
references: Chapter 10, advanced features; and two in Chapter 11, 
security.


Also, in reply to my query about making both the internal and 
external views as slaves, Kevin Darcy wrote:

>If you have another IP address available to assign to your master, you
>could use a combination of notify-source, transfer-source, and/or
>match-destinations to replicate your external and internal zone data
>completely independently of each other.
>
>I understand BIND 9.3 will have the ability to match views by TSIG key,
>which might open up more options...

Or as I understand it, you have to have different masters for the two 
zones (internal and external). But if you assign a second IP to your 
DNS master server, you can serve up the views from the master on the 
two IP addresses. I haven't got this far yet; I have the internal 
views as slaves from my internal master, and the external views as 
masters using local zone files.

Simon

-- 

NOTE: This is a throw-away email address which will reach me for as 
long as it stays spam-free, remove date for real address.

Simon Hobson, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101

Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
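
The arrangement discussed in this thread, written out as BIND 9 configuration fragments for a master with two addresses and a slave that carries both views. This is an added example, not configuration from any of the posters. The zone name, all IP addresses, and the file paths are assumptions chosen for illustration.

```conf
# ---- master named.conf (fragment): two addresses, one view per address ----
# 10.0.0.1 and 10.0.0.2 are assumed addresses on the same master host.
view "internal" {
    match-destinations { 10.0.0.1; };   # requests sent to the first address
    notify-source 10.0.0.1;             # NOTIFY for this view leaves from it too
    zone "example.com" {
        type master;
        file "internal/example.com.db";
        allow-transfer { 10.0.0.53; };  # the slave (assumed address)
    };
};
view "external" {
    match-destinations { 10.0.0.2; };   # requests sent to the second address
    notify-source 10.0.0.2;
    zone "example.com" {
        type master;
        file "external/example.com.db";
        allow-transfer { 10.0.0.53; };
    };
};

# ---- slave named.conf (fragment): views keyed on resolver addresses ----
acl "internal-resolvers" {
    10.0.0.10; 10.0.0.11;   # back ends of the internal proxy (resolving) servers,
                            # not the workstations that sit behind them
    10.0.0.1;               # master's internal address, so its NOTIFY lands here
};
view "internal" {
    match-clients { internal-resolvers; };
    zone "example.com" {
        type slave;
        masters { 10.0.0.1; };          # reaches the master's internal view
        file "slave/internal.example.com.db";
    };
};
view "external" {
    match-clients { any; };             # everything not matched above
    recursion no;
    zone "example.com" {
        type slave;
        masters { 10.0.0.2; };          # reaches the master's external view
        file "slave/external.example.com.db";
    };
};
```

Views are tested in the order they appear, so the restrictive view must come before the one that matches `any`. Running `named-checkconf` on each file catches syntax errors before a reload.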

