Connecting VPNned namespaces

Chris Buxton cbuxton at menandmice.com
Thu Oct 11 16:22:07 UTC 2007 

There are several ways to solve the problem, each with slightly  
different mechanism but the same effect for users. Use stub zones,  
slave zones, or forward zones.

For example, using stub zones on the Campbell's server:

options {
	// no forwarders statement
}

zone "tate.local" {
	type stub;
	masters { 192.168.77.1; };
};

(If you do have a forwarders statement in options, add an empty  
forwarders statement into the stub zone.)

The result of this is, if there is a recursive query ending in  
"tate.local" sent to the Campbell server, that server will send an  
iterative query to the tate.local server.

If you change the zone type from "stub" to "forward" and change  
"masters" to "forwarders", the difference is that the query from one  
server to the other is recursive. In this case, that's probably a  
meaningless difference.

If instead you use a slave zone (replace "stub" with "slave" in the  
example above, and leave the "masters" line unchanged), then each  
server will get a copy of the other server's zone and answer  
authoritatively for that zone. This can introduce change latency (up  
to several hours, depending on the refresh timer length) into the  
process unless you also add an NS record for the other server to each  
zone. On the other hand, responses to queries will be slightly  
faster, since each server will have both zones hosted locally.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone:   +354 412 1500
Email:   cbuxton at menandmice.com
www.menandmice.com

Men & Mice
We bring control and flexibility to network management

This e-mail and its attachments may contain confidential and  
privileged information only intended for the person or entity to  
which it is addressed. If the reader of this message is not the  
intended recipient, you are hereby notified that any retention,  
dissemination, distribution or copy of this e-mail is strictly  
prohibited. If you have received this e-mail in error, please notify  
us immediately by reply e-mail and immediately delete this message  
and all its attachment.



On Oct 11, 2007, at 7:25 AM, Bertram Scharpf wrote:

> Hi,
>
>
> I'm not an experienced network maintainer but I successfully
> set up two local networks with two name servers. Now I
> connected them over a VPN. Say there are:
>
> 192.168.77.1  jessica.tate.local
> 192.168.77.2  chester.tate.local
> 192.168.77.3  billy.tate.local
>
> 192.168.88.1  mary.campbell.local
> 192.168.88.2  burt.campbell.local
> 192.168.88.3  chuck.campbell.local
>
> The Tate's "resolv.conf"s point to 192.168.77.1 and the Campbell's
> ones point to 192.168.88.1 .
>
> Now I want a request for e. g. billy.tate.local on the
> Campbell side to be redirected to 192.168.77.1 and vice
> versa. Could anyone give me a hint how this is designed
> best?
>
> Thanks in advance,
>
> Bertram
>
>
> -- 
> Bertram Scharpf
> Stuttgart, Deutschland/Germany
> http://www.bertram-scharpf.de
>
>

More information about the bind-users mailing list