Multiple Network Subnets within same Domain Name Zone

Kevin Darcy kcd at daimlerchrysler.com
Wed Jun 23 18:41:13 UTC 2004


Saunders, Shawn wrote:

>I have always restricted a single domain to a single network/subnet.  So all
>I need is forward / reverse for our two internal networks, and forward only
>for our public IP hosts that are part of the same domain.  
>
You can't forward queries on a per-host basis, unless you define 
separate zones for each of those hosts, which would be a pain. So if you 
really want to use forwarding for this, you may be better off defining a 
separate subdomain for your external hosts, and then delegating that 
subdomain. Or, maintain separate internal-vs-external versions of the 
zone, as described earlier, and maintain them in parallel.

                                                                         
                                                - Kevin

>So I don't have
>to break up the domain into sub-domains, which means we don't have to make
>changes to the legacy software and workstation configurations.  Cool.
>
>Did I get this right?
>
>Sincerely,
> 
>Shawn Saunders
>
>-----Original Message-----
>From: Kevin Darcy [mailto:kcd at daimlerchrysler.com] 
>Sent: Wednesday, June 23, 2004 11:10 AM
>To: 'BIND Users Mailing List'
>Subject: Re: Multiple Network Subnets within same Domain Name Zone
>
>Saunders, Shawn wrote:
>
>>Are there any potential problems with the following scenario?
>>
>>I am authoritative for a domain, say xyz.com, that has some host addresses
>>outside my firewall on public IPs.  But I must also have the hosts inside
>>my firewall using Private Addresses 192.168.xxx.xxx within the domain
>>xyz.com, because of some legacy software that would require a major rewrite
>>to access these hosts, if we changed their naming structure.
>>
>>I just find it odd, to have multiple networks, being resolved to the same
>>domain, and if I do this, there is no real way to do the reverse zones for
>>the domain, because it would entail having multiple reverse zones for the
>>same domain, and is that allowed?
>>
>Yeah, sure it's allowed. On our internal network, we have a public class 
>A, several public class B's, and various private ranges, all 
>intermingled within the same forward domain. (Actually, it's a 
>many-to-many relationship, since we have several forward domains too).
>
>You should *not* put private addresses in the Internet DNS, though, and 
>if (as you indicated) you use private address ranges, you *must* define 
>the relevant reverse zones in your DNS so as to prevent pollution of the 
>Internet DNS infrastructure with your private-address reverse lookups. 
>As Peter suggested, you may want to look at the "view" feature to 
>resolve the same name to different addresses depending on what client 
>(internal vs external) is doing the asking. Be aware that this will 
>incur parallel maintenance, however...
>
>                                                                         
>                                 - Kevin
>
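
Added example, not part of the original thread: a named.conf sketch of the "view" approach discussed above, with internal and external versions of xyz.com and a local reverse zone for the 192.168 range. The ACL name, view names and file paths are assumptions chosen for illustration.

```conf
// Constructed split-horizon layout for xyz.com (illustrative only).
// ACL name, view names and zone file paths are assumptions.
acl "inside" {
    127.0.0.1;
    192.168.0.0/16;
};

// Once any view is defined, every zone must be declared inside a view.
// Views are tried in order, so the restrictive one comes first.
view "internal" {
    match-clients { "inside"; };
    recursion yes;

    // Internal version of the forward zone: may hold 192.168.x.x
    // addresses alongside the public ones.
    zone "xyz.com" {
        type master;
        file "internal/db.xyz.com";
    };

    // Local reverse zone for the private range, so PTR lookups for
    // 192.168.x.x are answered here and never reach the Internet DNS.
    zone "168.192.in-addr.arpa" {
        type master;
        file "internal/db.192.168";
    };
};

view "external" {
    match-clients { any; };
    recursion no;

    // External version of the same zone: public addresses only.
    // This file is maintained in parallel with the internal one.
    zone "xyz.com" {
        type master;
        file "external/db.xyz.com";
    };
};
```

Any name that exists in both versions of the zone has to be updated in both files, which is the parallel maintenance cost mentioned in the thread.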



