internal root and authoritative DNS
Brad Knowles
brad at stop.mail-abuse.org
Mon Mar 21 18:20:51 UTC 2005
At 9:14 AM -0800 2005-03-21, KD5ZMG wrote:

> Can an Internal root DNS and an Authoritative DNS
> server reside on the same physical server?

When you run an "internal root", you use precisely the same
technique that the actual root nameservers use. Note that the root
nameservers used to also serve some of the TLDs as well as the root
itself.

It's no different than if you were to run a parent zone, plus
delegate one or more child zones to yourself.

Now, if you try to mix an internal root with a nameserver that is
supposed to communicate with the outside world, that is likely to run
into some problems.

If you have only the one machine, then run separate instances of
BIND which are configured to listen to port 53 on different IP
addresses. One IP address would be for your internal root, the other
would be for your external authoritative server.

But you'd be much better off using separate machines. That way
there would never be any confusion as to which machine is looking at
what data and serving which clients, etc....

--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
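
The two-instance layout described in the message above, sketched as an added example that is not part of the original post: two BIND 9 configuration files for one host, each instance bound to its own address. The addresses, file paths and the zone names "corp" and "example.com" are constructed placeholders, and giving each instance its own rndc control port is an assumption added so the two do not collide on the default control channel.

```conf
# ---- /etc/named-internal.conf (hypothetical path): internal root instance ----
# Start with: named -c /etc/named-internal.conf
options {
    directory "/var/named/internal";          // separate working directory per instance
    pid-file "/var/run/named-internal.pid";   // separate PID file per instance
    listen-on { 10.0.0.53; };                 // internal address only (constructed); no wildcard
    listen-on-v6 { none; };
    notify-source 10.0.0.53;                  // outgoing NOTIFY leaves from the internal address
    transfer-source 10.0.0.53;
    recursion no;                             // this instance only serves its own zones
    allow-query { 10.0.0.0/8; };              // internal clients only (assumed range)
};
// Control channel on the default rndc port for this instance.
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; }; };

zone "." { type master; file "db.root.internal"; };   // the internal root itself
zone "corp" { type master; file "db.corp"; };         // child zone delegated to the same server

# ---- /etc/named-external.conf (hypothetical path): external authoritative instance ----
# Start with: named -c /etc/named-external.conf
options {
    directory "/var/named/external";
    pid-file "/var/run/named-external.pid";
    listen-on { 192.0.2.53; };                // external address only (constructed)
    listen-on-v6 { none; };
    notify-source 192.0.2.53;
    transfer-source 192.0.2.53;
    recursion no;                             // authoritative only toward the outside world
    allow-query { any; };
};
// Different control port so "rndc -p 954" reaches this instance and not the internal one.
controls { inet 127.0.0.1 port 954 allow { 127.0.0.1; }; };

zone "example.com" { type master; file "db.example.com"; };   // public zone, no root data here
```

Running `named-checkconf` against each file before starting the instances catches syntax errors, and querying each address for a zone held only by the other instance confirms that neither one answers with the other's data.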