Strange problem

[Måns Nilsson]

--On måndag, måndag 25 jun 2007 09.14.57 -0700 Clenna Lumina
<savagebeaste at yahoo.com> wrote:
>>> Any flaws or problems here, or something I missed? (I'm asking this
>>> for educational benefit, as one never knows if they'll done day need
>>> it :)
>> >> It is over-engineered, but nothing else.
> 
> Is there a beter way to do it? The scenario I posed was just something I 
> jotted down on the fly.

I do not believe in split DNS and blocking things, however I recognize the
need for such legacy. Hidden masters may be cool, for upscale stuff like
ccTLDen. Otherwise, I'd just do like so:
	(all names and IP addresses are example values)

namn.se.	NS	master.namn.se.
namn.se.	NS	slave.namn.se.
namn.se.	NS	extserver.localhost.se.
master.namn.se.	A	192.0.2.1
slave.namn.se.	A	192.0.2.2

(extserver is somewhere else, connected via another ISP)

/* This is the master named.conf */ 
zone "namn.se" {
	type master; 
	allow-transfer { any; };
	file "master/namn.se";
};

/* This is the slave named.conf */
zone "namn.se" {
	type slave;
	allow-transfer { any; };
	file "slave/namn.se";
	masters {
		192.0.2.1;
	};
};

/* This is the extslave named.conf */
zone "namn.se" {
	type slave;
	allow-transfer { any; };
	file "slave/namn.se";
	masters {
		192.0.2.1;
		192.0.2.2;
	};
};

...which is cool and works really nice. Simple, easy to debug and so on. If
at all possible, I'd avoid using stuff like split DNS and non-routed
addresses, because the DNS is about everybody getting the same data and
keeping things simple. This config will get anyone with ability to query
the public DNS the right data in a speedy manner with minimal fuss. Which
is what we want, for the most part. 

-- 
MÃ¥ns Nilsson                     Systems Specialist
+46 70 681 7204   cell                       KTHNOC
+46 8 790 6518  office                  MN1334-RIPE

First, I'm going to give you all the ANSWERS to today's test ...  So
just plug in your SONY WALKMANS and relax!!