bind on a LAN?
Kevin Darcy
kcd at daimlerchrysler.com
Tue Nov 22 20:30:26 UTC 2005
Jim wrote:
>what's the best way to host a dns solution on a LAN if my bind server is not
>going to take any queries from the outside world and is hosted behind a
>firewall?
>I want to be able to control clients somehow on my lan so I'd need to
>control at least 1 zone on my server. Do you recommend creating a fake domain
>name for my lan? like (i.e. mylan.internal-domain.com). Or is NetBIOS the
>best way to go here? what's the best way to do this?
>
From the perspective purely of a DNS administrator, your best bet is
probably to register (or at least "park") a separate domain from the one
you use externally, and use that exclusively for your internal DNS. This
is a slightly better approach than just picking some bogus domain like
.internal, since it'll result in fewer headaches if you ever want to
selectively open up your DNS to trading partners, merge with another
business, or something like that. (My apologies if this is just for a
personal LAN, as opposed to a business, but then again, you didn't specify).
For reasons *other* than DNS administration, however, using different
domains for internal and external can complicate matters. All sorts of
things outside of DNS have dependencies on DNS names. SSL, for one
example; mail routing, for another. For this reason, many organizations
choose to use the same domain name for both their external-facing and
their internal DNS. This is a co-ordination challenge, since oftentimes
it means that the internal DNS needs to be a superset of the external
DNS, e.g. www.example.com might need to resolve in both the internal and
external DNS, implying parallel maintenance.
A compromise, I suppose, would be to use the same domain for internal
and external, but use separate subdomains, e.g. int.example.com and
ext.example.com. This way, it would only be necessary for the internal
resolvers to see the ext.example.com *zone*, which would be a lot easier
to configure and maintain than entry-by-entry synchronization.
- Kevin
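As an added illustration of the int./ext. subdomain compromise described above (not part of the original post): a constructed BIND 9 named.conf pair, one for the LAN-facing server and one for the public server. The addresses 10.0.0.0/8, 10.0.0.53 and 192.0.2.10 are assumed placeholders, and the public server is assumed to be able to reach the internal one for NOTIFY through the firewall.

```conf
// ---- Internal (LAN-facing) server: named.conf (constructed example) ----
acl lan { 10.0.0.0/8; 127.0.0.1; };   // assumed LAN range

options {
    directory "/var/named";
    listen-on { 10.0.0.53; };         // assumed LAN address of this server
    allow-query { lan; };             // answer LAN clients only
    allow-recursion { lan; };         // recursive lookups for the LAN only
    allow-transfer { none; };         // nothing leaves this box via AXFR
};

// LAN-only zone: authoritative here, never published outside.
zone "int.example.com" {
    type master;
    file "int.example.com.zone";
};

// Public zone: pulled from the external server so LAN resolvers see
// ext.example.com without maintaining the records a second time.
zone "ext.example.com" {
    type slave;
    masters { 192.0.2.10; };          // assumed public server address
    file "ext.example.com.zone.bak";
};

// ---- External (public) server: named.conf (constructed example) ----
options {
    directory "/var/named";
    recursion no;                     // authoritative only, no open resolver
    allow-query { any; };             // ext.example.com is meant to be public
    allow-transfer { 10.0.0.53; };    // zone copies go only to the LAN server
};

zone "ext.example.com" {
    type master;
    file "ext.example.com.zone";
    notify yes;
    also-notify { 10.0.0.53; };       // prompt the LAN server to refresh
};
```

Only ext.example.com ever leaves the LAN server; int.example.com has no path to the public server at all, which is the point of the split.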