Mixing Authority?

Kevin Darcy kcd at daimlerchrysler.com
Tue Nov 29 21:12:37 UTC 2005


kevin wrote:

>When I set up my caching server using the DNS-Howto some years ago I
>settled on a domain "homenet.curranfamilynet" and made my local DNS server
>the authority for that zone.  Since then I've registered a domain,
>curranfamilynet.net, and use ZoneEdit as the authoritative nameserver for
>the zone.
>
>So, for example, fluffy is the multihomed computer facing the LAN and the
>net and, per dig for the LAN fluffy:
>
>;; QUERY SECTION:
>;;      fluffy.homenet.curranfamilynet, type = A, class = IN
>
>;; ANSWER SECTION:
>fluffy.homenet.curranfamilynet.  1D IN A  192.168.1.1
>
>;; AUTHORITY SECTION:
>homenet.curranfamilynet.  1D IN NS  fluffy.homenet.curranfamilynet.
>
>
>And per dig for the WAN fluffy:
>
>;; QUERY SECTION:
>;;      fluffy.curranfamilynet.net, type = A, class = IN
>
>;; ANSWER SECTION:
>fluffy.curranfamilynet.net.  5M IN A  66.67.206.125
>
>;; AUTHORITY SECTION:
>curranfamilynet.net.    2H IN NS        ns18.zoneedit.com.
>curranfamilynet.net.    2H IN NS        ns19.zoneedit.com.
>
>
>
>The hosts on my LAN go by the name xxx.homenet.curranfamilynet but
>I want to change them to xxx.curranfamilynet.net and still be able to type
>"ssh fluffy" and have fluffy resolve to 192.168.1.x because the SSH port
>is blocked on the WAN interface.
>
>Is it safe to set up a local authoritative zone for curranfamilynet.net
>for my LAN hosts and have an outside, official authoritative zone hosted
>by ZoneEdit for everyone else? I cannot put routeable IP addresses on the
>LAN hosts.
>
Yeah, sure, having internal and external versions of the same zone is 
not only possible, but very common. It can create a little extra 
complexity for things that are name-sensitive and exist on both the 
inside and outside, e.g. mail routing, SSL. But that complexity is a 
necessary evil and manageable.

                                                                         
                                             - Kevin
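
An added example, not part of the original thread: a short Python check for the main pitfall of the internal/external setup discussed above. Once the LAN server is authoritative for curranfamilynet.net it answers for the whole zone, so a name published only at ZoneEdit stops resolving for LAN clients. Only fluffy's two addresses and the ZoneEdit NS records come from the post; the www, mail and MX records (on 192.0.2.0/24 documentation addresses), the internal NS record and the function names are constructed for illustration.

```python
# Added example: records in dig-answer form ("owner TTL IN TYPE rdata").
# fluffy's addresses and the zoneedit NS lines are from the post; the rest is constructed.
EXTERNAL = """\
curranfamilynet.net.        2H IN NS  ns18.zoneedit.com.
curranfamilynet.net.        2H IN NS  ns19.zoneedit.com.
curranfamilynet.net.        2H IN MX  10 mail.curranfamilynet.net.
fluffy.curranfamilynet.net. 5M IN A   66.67.206.125
mail.curranfamilynet.net.   2H IN A   192.0.2.25
www.curranfamilynet.net.    2H IN A   192.0.2.80
"""
INTERNAL = """\
curranfamilynet.net.        1D IN NS  fluffy.curranfamilynet.net.
fluffy.curranfamilynet.net. 1D IN A   192.168.1.1
"""

def parse_records(text):
    """Map (owner, type) -> set of rdata strings."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop dig/zone-file comments
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.setdefault((owner.lower(), rtype.upper()), set()).add(rdata.strip())
    return records

def compare_views(internal_text, external_text):
    """Return (shadowed, split) as sorted lists of (owner, type)."""
    internal = parse_records(internal_text)
    external = parse_records(external_text)
    # Published outside but absent inside: the local authoritative server
    # will not consult ZoneEdit for these, so LAN clients cannot resolve them.
    shadowed = sorted(k for k in external if k not in internal)
    # Present in both with different data: the intended per-view answers.
    split = sorted(k for k in external
                   if k in internal and internal[k] != external[k])
    return shadowed, split

if __name__ == "__main__":
    shadowed, split = compare_views(INTERNAL, EXTERNAL)
    for owner, rtype in shadowed:
        print(f"missing internally: {owner} {rtype}")
    for owner, rtype in split:
        print(f"differs by view:    {owner} {rtype}")
```

Every name reported as missing internally has to be copied into the LAN zone (with whichever address LAN clients should use) before the local zone goes live; the MX and mail entries are the mail-routing case the reply mentions.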



