"Hidden Master" visible slave

Barry Finkel b19141 at britaine.ctd.anl.gov
Thu Jan 12 14:54:19 UTC 2006


"carcarx at hotmail.com" <carcarx at hotmail.com> wrote:

>We want to set up a DNS server for departmental administrators to
>maintain their own zones, but not "mess" with our primary nameservers.
>
>Our idea is to have that "departmental" nameserver master some zones
>with our primary nameservers being the slaves for those zones, but
>we don't want the departmental server to be visible to the internet.
>
>Since the authoritative server for those zones won't be visible the
>clients should look to the visible ones (with some delay).
>
>Any docs about how to automatically avoid referrals to the departmental
>server (aside from tcp/ip rerouting trickery).

Kevin Darcy has already responded, but I think that he is misreading
your request, or reading too much into it.  But I may be wrong.

Make your departmental name servers hidden; do not put their names in
NS records.  Slave those zones on your name servers, the servers listed
in the NS records.  When any departmental zone is updated, the DNS
NOTIFY process should cause a quick reload of the changed zone on the
slave servers, which your clients will be using for DNS resolution.
Also, if you do not want people querying the departmental name servers,
then do not include those servers in the TCP/IP definition
(i.e., resolv.conf) on the client machines.

I do not see anything more complicated here, such as departmental
nodenames that you want hidden from the Internet.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
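
The hidden-master layout described in the reply above, as an added BIND 9 named.conf sketch that is not part of the original post. The zone name, file paths, host names and addresses (documentation ranges) are constructed placeholders.

```conf
// ---- named.conf on the hidden departmental master (constructed: 192.0.2.10) ----
acl "visible-slaves" { 198.51.100.1; 198.51.100.2; };   // the servers in the NS records

options {
    recursion no;                        // authoritative only
};

zone "dept.example.org" {
    type master;
    file "master/dept.example.org.zone";
    // explicit: NOTIFY only the also-notify list, so delivery does not
    // depend on what the zone's NS and SOA MNAME records say.
    notify explicit;
    also-notify { 198.51.100.1; 198.51.100.2; };
    allow-transfer { "visible-slaves"; };             // zone transfers to the slaves only
    allow-query    { "visible-slaves"; localhost; };  // slaves still need SOA refresh queries
};

// ---- named.conf on each visible slave (constructed: 198.51.100.1 and .2) ----
zone "dept.example.org" {
    type slave;
    masters { 192.0.2.10; };             // the hidden master; appears here only
    file "slave/dept.example.org.zone";
    allow-transfer { none; };            // slaves do not hand the zone on
};

// ---- dept.example.org zone data, maintained on the hidden master ----
// Only the visible servers are named, so no referral can point at the
// departmental server:
//
//   @   IN SOA ns1.example.org. hostmaster.example.org. (
//              2006011201 3600 900 604800 3600 )
//       IN NS  ns1.example.org.
//       IN NS  ns2.example.org.
//
// The parent zone's delegation must list the same two NS names and no others.
```

Running `dig +norecurse NS dept.example.org @198.51.100.1` against a visible slave should return only the two NS names above; a firewall rule limiting port 53 on the master to the slaves backs up the allow-query ACL.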


