simple: how to add hosts for higher domain ?

Uwe Heinz Rudi Dippel Udippel at uniten.edu.my
Thu Sep 9 14:01:30 UTC 2004


Ladislav Vobr wrote:

>> Now I'm asking for a hint, how to bring both together; how could a
>> machine contain a name for another box having the same hierarchy as the bind
>> machine ?
>> How can I make dns2.uniten.edu.my resolve helper.uniten.edu.my properly ?
>
> You will have to talk to the one who is the authority for uniten.edu.my to
> put helper A record there. Your dns2 box can be slave for this zone, or it
> can be just a caching server, it's up to your design.


Thanks, I was afraid I'd have to go into more detail.
helper record sits there (in SOA); but dns2 and helper are in the DMZ and
uniten.edu.my uses a split-DNS. Surely, from DMZ you can only reach the
outside DNS and this will deliver the real Internet-IP of helper.

What we were planning to do was, to make dns2 deliver the (private) DMZ-IP
of helper *when you contact dns2*; e.g.
dig @dns2.uniten.edu.my helper
should bring a 10.10.10.21

So that bind would resolve dns2, helper (and other DMZ-machines) when
contacted; while recursing / forwarding any other request.
Delegation isn't needed, because helper and dns2 have their entries in the
master of uniten and can be contacted flawlessly from the Internet.

Again, because dns2 cannot reach the Inside-DNS providing the correct IPs in
the DMZ due to its location in that DMZ; and cannot use the Outside-IP due
to the crappy Cisco that wouldn't want to permit any request in and out of
the same interface and therefore drop any attempt to communicate between
machines within the DMZ through the firewall, we need another solution.

The idea therefore was to add dns2 into the resolution chain from Inside by
pointing inside machines to it; so that from DMZ the resolution of helper
and dns2 is done by dns2, while Internet addresses are sent further for
their resolution. The resolver of Inside machines would be pointing at two
addresses: WINS and dns2.

Ooops, if a drawing is needed, I'll make one !


Uwe
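
Added example, not part of the original message or of the poster's configuration: one way to get the behaviour described above is to make dns2 authoritative for the two host names themselves, each as its own small zone, and forward everything else. The file names, the forwarder address, the DMZ subnet, the serial and the dns2 address are assumptions or placeholders; only 10.10.10.21 comes from the message.

```conf
// named.conf on dns2 (constructed example)
options {
    directory "/var/named";              // assumed path
    recursion yes;
    // Answer recursive queries only for known clients, so dns2 is not
    // an open resolver. 10.10.10.0/24 is an assumed DMZ subnet; add
    // the Inside network here if Inside resolvers point at dns2.
    allow-recursion { localhost; 10.10.10.0/24; };
    // Names dns2 is not authoritative for go to the outside DNS.
    forwarders { 192.0.2.53; };          // placeholder address
    forward only;                        // drop both lines to recurse from the root
};

// Each zone covers exactly one host name, so every other name under
// uniten.edu.my is still resolved through the forwarder.
zone "helper.uniten.edu.my" {
    type master;
    file "db.helper.dmz";                // hypothetical file name
};

zone "dns2.uniten.edu.my" {
    type master;
    file "db.dns2.dmz";                  // hypothetical file name
};

/*
   Contents of db.helper.dmz (constructed):

   $TTL 3600
   @   IN SOA dns2.uniten.edu.my. hostmaster.uniten.edu.my. (
                  2004090901   ; serial (constructed)
                  3600         ; refresh
                  900          ; retry
                  604800       ; expire
                  3600 )       ; negative-cache TTL
       IN NS  dns2.uniten.edu.my.
       IN A   10.10.10.21      ; DMZ address of helper, from the message

   db.dns2.dmz is the same with the A record set to dns2's own DMZ
   address (DNS2-DMZ-IP, a placeholder: the message does not give it).

   Caveat: dns2 now answers authoritatively for every record type at
   these two names, so anything else the real uniten.edu.my zone
   publishes at them (MX, TXT, AAAA) must be copied here as well.
*/
```

With this in place, `dig @dns2.uniten.edu.my helper.uniten.edu.my` returns the DMZ address, while clients that use the outside DNS continue to get the Internet address.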

