question about split DNS

Barry Margolin barmar at alum.mit.edu
Sat Jul 29 05:32:14 UTC 2006


In article <eaeova$2imv$1 at sf1.isc.org>,
 Jonathan Horne <freebsd at dfwlp.com> wrote:

> On Friday 28 July 2006 23:14, Jonathan Horne wrote:
> > my next questions in this project are:
> > 1) can the acl localnets be redefined safely (i would like to consider my
> > other sites that connect over vpn to be considered localnets), or should i
> > just stick with defining a new acl, such as 'corpnets' and going with that?

I think it's best to define your own ACLs rather than redefining the 
built-in ones, as it will cause less confusion if others need to look at 
your configuration.

> >
> > 2) what should i do with my localhost and roothint zones?  should they be
> > in internal or external view?  right now, i have them in external, and
> > while they might appear to be working correctly, i would like to know if it
> > would be better to have them in the internal only.

These zones are only needed for clients that are using your server as a 
resolver, which is presumably just your internal view.  The external 
view should have recursion disabled, and doesn't need anything other 
than the data you want to be publicly visible.

> >
> 
> and a 3rd question:
> 3) for all practical purposes, the internal version and external versions of 
> the zones *are* completely different zone files, even though they technically 
> represent the same name space?  therefore, their serial numbers don't 
> necessarily need to match?  and theoretically, is it ok to have different 
> sets of hosts in the internal vs external, with the intention that the 
> external one will just return "unknown host" for the ones that are omitted 
> intentionally?

Exactly.  It's just like having two different servers, as in the split 
DNS configuration described in the page you initially looked at.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
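A worked configuration for the layout Barry describes, as an added example that is not part of the original thread: a constructed named.conf using the 'corpnets' ACL name Jonathan proposed, the localhost and root-hint zones in the internal view only, recursion off in the external view, and separate zone files per view. The Python check below it (hypothetical helper names; simple string scanning, not a full named.conf parser) flags the departures from that layout the thread warns about: a redefined built-in ACL, a recursive external view, or resolver-only zones in the wrong view.

```python
import re

# Constructed named.conf (added example, not from the thread) laid out as the reply
# advises: a new ACL instead of redefining "localnets", localhost/root-hint zones in
# the internal view only, an external view with recursion off and its own zone file.
NAMED_CONF = """
acl corpnets { 192.0.2.0/24; 198.51.100.0/24; };   # hypothetical office and VPN nets
view "internal" {
    match-clients { corpnets; localhost; };
    recursion yes;
    zone "." { type hint; file "root.hint"; };
    zone "localhost" { type master; file "localhost.zone"; };
    zone "example.com" { type master; file "internal/example.com.zone"; };
};
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" { type master; file "external/example.com.zone"; };
};
"""

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}

def parse_views(conf):
    """Scan each view block, returning {name: {"recursion": "yes"/"no"/None, "zones": [...]}}."""
    views = {}
    for m in re.finditer(r'view\s+"([^"]+)"\s*\{(.*?)\n\};', conf, re.S):
        body = m.group(2)
        rec = re.search(r'recursion\s+(yes|no)\s*;', body)
        views[m.group(1)] = {"recursion": rec.group(1) if rec else None,
                             "zones": re.findall(r'zone\s+"([^"]*)"', body)}
    return views

def check_split_dns(conf):
    """Return a list of problems; an empty list means the layout follows the advice."""
    problems = []
    for acl in re.findall(r'^\s*acl\s+"?([\w-]+)"?\s*\{', conf, re.M):
        if acl in BUILTIN_ACLS:   # the reply: define your own ACL, don't redefine built-ins
            problems.append(f"built-in acl {acl!r} is redefined")
    views = parse_views(conf)
    ext, internal = views.get("external", {}), views.get("internal", {})
    if ext.get("recursion") != "no":
        problems.append("external view does not set 'recursion no'")
    for z in (".", "localhost"):   # resolver-only zones belong to the internal view
        if z in ext.get("zones", []):
            problems.append(f"resolver zone {z!r} is exposed in the external view")
        if z not in internal.get("zones", []):
            problems.append(f"resolver zone {z!r} is missing from the internal view")
    return problems
```

Running `check_split_dns(NAMED_CONF)` on the sample returns an empty list; swapping the ACL name for `localnets` or turning recursion on in the external view makes it report each issue.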


