Multiple Network Subnets within same Domain Name Zone
Kevin Darcy
kcd at daimlerchrysler.com
Wed Jun 23 18:41:13 UTC 2004
Saunders, Shawn wrote:
>I have always restricted a single domain to a single network/subnet. So all
>I need is forward / reverse for our two internal networks, and forward only
>for our public IP hosts that are part of the same domain.
>
You can't forward queries on a per-host basis, unless you define
separate zones for each of those hosts, which would be a pain. So if you
really want to use forwarding for this, you may be better off defining a
separate subdomain for your external hosts, and then delegating that
subdomain. Or, maintain separate internal-vs-external versions of the
zone, as described earlier, and maintain them in parallel.
- Kevin
>So I don't have
>to break up the domain, into sub-domains, which means we don't have to make
>changes to the legacy software and workstation configurations. Cool.
>
>Did I get this right?
>
>Sincerely,
>
>Shawn Saunders
>
>-----Original Message-----
>From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
>Sent: Wednesday, June 23, 2004 11:10 AM
>To: 'BIND Users Mailing List'
>Subject: Re: Multiple Network Subnets within same Domain Name Zone
>
>Saunders, Shawn wrote:
>
>>Are there any potential problems to the following scenario?
>>
>>I am authoritative for a domain, say xyz.com that has some host addresses
>>outside my firewall on public IP's. But I must also, have the hosts, inside
>>my firewall using Private Addresses 192.168.xxx.xxx within the domain
>>xyz.com, because of some legacy software that would require a major rewrite
>>to access these hosts, if we changed their naming structure.
>>
>>I just find it odd, to have multiple networks, being resolved to the same
>>domain, and if I do this, there is no real way to do the reverse zones for
>>the domain, because it would entail having multiple reverse zones for the
>>same domain, and is that allowed?
>>
>Yeah, sure it's allowed. On our internal network, we have a public class
>A, several public class B's, and various private ranges, all
>intermingled within the same forward domain. (Actually, it's a
>many-to-many relationship, since we have several forward domains too).
>
>You should *not* put private addresses in the Internet DNS, though, and
>if (as you indicated) you use private address ranges, you *must* define
>the relevant reverse zones in your DNS so as to prevent pollution of the
>Internet DNS infrastructure with your private-address reverse lookups.
>As Peter suggested, you may want to look at the "view" feature to
>resolve the same name to different addresses depending on what client
>(internal vs external) is doing the asking. Be aware that this will
>incur parallel maintenance, however...
>
>
> - Kevin
>
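
An added example, not part of the original thread: a small Python audit of the two rules in the quoted reply above, namely no private addresses in the externally served copy of the zone, and a locally defined reverse zone for every private address in use. The zone contents, host names and function names are constructed for illustration; only xyz.com and the 192.168 range come from the thread.

```python
import ipaddress

# Constructed sample zone data. xyz.com and the 192.168 range come from the
# thread; host names and the 192.0.2.x documentation addresses are made up.
EXTERNAL_ZONE = """\
$ORIGIN xyz.com.
www     IN A 192.0.2.10
mail    IN A 192.0.2.25
legacy  IN A 192.168.10.5   ; private address in the public zone
"""
INTERNAL_ZONE = """\
$ORIGIN xyz.com.
www     IN A 192.0.2.10
legacy  IN A 192.168.10.5
db1     IN A 192.168.20.7
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def a_records(zone_text):
    """Yield (owner, address) for one-line A records that name their owner."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, tokenize
        types = [f.upper() for f in fields[1:]]  # skip the owner name
        if "A" in types[:-1]:                    # "A" followed by an address
            i = types.index("A") + 1             # index of "A" in fields
            yield fields[0], ipaddress.ip_address(fields[i + 1])

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def leaked_private(external_zone):
    """A records in the externally served zone that point at private space."""
    return [(n, str(a)) for n, a in a_records(external_zone) if is_rfc1918(a)]

def missing_reverse_zones(internal_zone, local_zones):
    """Private addresses whose PTR name falls under no locally defined zone."""
    local = [z.lower().rstrip(".") for z in local_zones]
    missing = []
    for name, addr in a_records(internal_zone):
        ptr = addr.reverse_pointer               # e.g. 5.10.168.192.in-addr.arpa
        covered = any(ptr == z or ptr.endswith("." + z) for z in local)
        if is_rfc1918(addr) and not covered:
            missing.append((name, ptr))
    return missing

if __name__ == "__main__":
    print("leaked:", leaked_private(EXTERNAL_ZONE))
    print("unserved reverse:", missing_reverse_zones(
        INTERNAL_ZONE, ["10.168.192.in-addr.arpa"]))
```

The parser handles only single-line A records with an explicit owner name; records that inherit the owner from the previous line would need a fuller zone-file parser.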