delegation of subdomains
Kevin Darcy
kcd at chrysler.com
Thu Oct 11 22:55:18 UTC 2007
It's a bad practice to put private addresses in publically-visible
zones, because it results in bogus DNS traffic. This is the kind of
thing views were created to prevent: put the private addresses in the
internal view so that only internal clients see those addresses.
- Kevin
Markus Boehmer wrote:
>> On Thu, Oct 04, 2007 at 06:49:14AM -0700, Markus Boehmer wrote:
>>
>>> 1. Domain is "def.gh" - DNS-server is somewhere outside the company
>>> lan with internet access and is reachable from the internet
>>>
>>> 2. Domain to delegate is abc.def.gh - DNS-server is inside the company
>>> lan, has internet access, but is not reachable from the internet.
>>>
>>>
>> Having the delegation visible worldwide would be a lame delegation for
>> clients not on the local network, which I consider a config error.
>>
>> Greetings
>> Marc
>>
>
> Hi Marc and everyone else,
>
> here's another problem.
>
> I would prefer the "lame method" for various reasons, being
> here in our company network.
>
> The "outside" Server ist nsr1.4smr.net, authoritative for the zone "schaefer-shop.de".
>
> This one should now delegate "mw.schaefer-shop.de" to our internal Server with the IP-Address 10.19.155.90, who is already up and running, so that other nameservers in our company network can find our subdomain mw.schaefer-shop.de.
>
> The admin responsible for ns1.4smr.net now told me, that he can't delegate, because our internal nameserver can not be reached or reverse looked up.
>
> Is this possible? I thought, that entries in the schaefer-shop.de. zone
> files like:
> mw 86400 IN NS webhost.mw.schaefer-shop.de.
> webhost.mw.schaefer-shop.de. 86400 IN A 10.19.155.90
>
> would be enough.
>
> Have I understood this wrong? I read DNS & Bind from O'Reilly and I think,
> that the above mentioned would be enough.
>
> With this configuration, computers within our company network should be able to find our zone and computers outside the company network have simply a weird looking dns record.
>
> Regards
> Markus
>
>
More information about the bind-users
mailing list