question about split DNS
Jonathan Horne
freebsd at dfwlp.com
Sat Jul 29 04:14:23 UTC 2006
On Friday 28 July 2006 21:30, Barry Margolin wrote:
> In article <eaeggi$1038$1 at sf1.isc.org>,
> Jonathan Horne <freebsd at dfwlp.com> wrote:
> > i've been reading this page trying to understand exactly how the
> > configuration works:
> >
> > http://www.isc.org/sw/bind/arm93/Bv9ARM.ch04.html#id2549203
> >
> > but it's looking like in the end, i still have to run 2 separate DNS
> > servers. is it possible to serve one zone file to internal hosts, while
> > serving another zone file to external hosts... but both zones are
> > [example.com] and both served from the same server?
> >
> > ideally, i would like to accomplish both internal and external views from
> > the same server, if at all possible.
>
> You can do it in a single server by using the "views" feature of BIND 9.
> It looks like that web page was never updated for BIND 9, so it still
> shows the way to do it in BIND 8, which requires separate servers.

thank you barry! it seems i just needed to adjust my google search terms, and i
found exactly what i was looking for. in the end, this article showed
examples that i used to create and test a working sample of my dev domain,
that speaks one way to some clients, and another to other clients.

http://www.oreillynet.com/pub/a/oreilly/networking/news/views_0501.html

interestingly, it seems that the views method respects the top-to-bottom,
first-match order of their listing in the named.conf. my original sample had
my external (any) zone at top, and my internal hosts obviously match the
(any) category. a switch of my internal view to the top, and everything was
right.

my next questions in this project are:

1) can the acl localnets be redefined safely (i would like to consider my
other sites that connect over vpn to be considered localnets), or should i
just stick with defining a new acl, such as 'corpnets' and going with that?

2) what should i do with my localhost and roothint zones? should they be in
internal or external view? right now, i have them in external, and while
they might appear to be working correctly, i would like to know if it would
be better to have them in the internal only.

cheers,
jonathan
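
The first-match view ordering described in the message above, as an added named.conf example that is not part of the original post. The networks, zone file paths and recursion settings are assumptions made for illustration; the ACL name 'corpnets' is the one floated in the message.

```conf
// Constructed example: addresses are documentation ranges used as
// placeholders, and the file paths are hypothetical.
acl "corpnets" {
    127.0.0.1;
    192.0.2.0/24;      // main site (placeholder)
    198.51.100.0/24;   // VPN-connected site (placeholder)
};

// Ordering that fails: views are tried top to bottom and the first
// match-clients that matches wins, so a view matching "any" listed
// first claims every client and the internal view is never reached.
//
//   view "external" { match-clients { any; };      ... };
//   view "internal" { match-clients { corpnets; }; ... };

// Working ordering: the specific view first, the catch-all last.
view "internal" {
    match-clients { corpnets; };
    recursion yes;     // assumption: internal clients use this server as resolver
    zone "example.com" {
        type master;
        file "internal/example.com.db";   // hypothetical path
    };
};

view "external" {
    match-clients { any; };
    recursion no;      // assumption: outside clients get authoritative answers only
    zone "example.com" {
        type master;
        file "external/example.com.db";   // hypothetical path
    };
};
```

Running `named-checkconf` on the file catches syntax errors, and querying the same name from an address inside and outside 'corpnets' confirms which view each client lands in.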