delegation of subdomains

Kevin Darcy kcd at chrysler.com
Thu Oct 11 22:55:18 UTC 2007


It's a bad practice to put private addresses in publicly-visible 
zones, because it results in bogus DNS traffic. This is the kind of 
thing views were created to prevent: put the private addresses in the 
internal view so that only internal clients see those addresses.

- Kevin

Markus Boehmer wrote:
>> On Thu, Oct 04, 2007 at 06:49:14AM -0700, Markus Boehmer wrote:
>>     
>>> 1. Domain is "def.gh" - DNS-server is somewhere outside the company
>>> lan with internet access and is reachable from the internet
>>>
>>> 2. Domain to delegate is abc.def.gh - DNS-server is inside the company
>>> lan, has internet access, but is not reachable from the internet.
>>>
>>>       
>> Having the delegation visible worldwide would be a lame delegation for
>> clients not on the local network, which I consider a config error.
>>
>> Greetings
>> Marc
>>     
>
> Hi Marc and everyone else,
>
> here's another problem.
>
> I would prefer the "lame method" for various reasons, being
> here in our company network.
>
> The "outside" Server is nsr1.4smr.net, authoritative for the zone "schaefer-shop.de".
>
> This one should now delegate "mw.schaefer-shop.de" to our internal Server with the IP-Address 10.19.155.90, which is already up and running, so that other nameservers in our company network can find our subdomain mw.schaefer-shop.de.
>
> The admin responsible for ns1.4smr.net now told me that he can't delegate, because our internal nameserver cannot be reached or reverse looked up.
>
> Is this possible? I thought that entries in the schaefer-shop.de. zone
> files like:
> mw    86400    IN    NS    webhost.mw.schaefer-shop.de.
> webhost.mw.schaefer-shop.de.  86400  IN  A  10.19.155.90
>
> would be enough.
>
> Have I understood this wrong? I read DNS & Bind from O'Reilly and I think
> that the above mentioned would be enough.
>
> With this configuration, computers within our company network should be able to find our zone and computers outside the company network simply have a weird-looking DNS record.
>
> Regards
> Markus
>
>   
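
The check below is an added example, not part of the original thread: it audits records destined for a publicly visible zone and flags private addresses and delegations whose glue is private, which is the situation discussed above. The function names are hypothetical, the sample input is constructed from the two records quoted in the thread, and the parser assumes simple one-line `owner ttl IN type rdata` records.

```python
import ipaddress

# Constructed sample: the two records quoted in the thread.
SAMPLE_ZONE = """\
mw    86400    IN    NS    webhost.mw.schaefer-shop.de.
webhost.mw.schaefer-shop.de.  86400  IN  A  10.19.155.90
"""


def parse_records(text, origin):
    """Yield (owner, type, rdata) from one-line 'owner ttl IN type rdata' records."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # assumption: TTL and class are always written out
        owner = fields[0].lower()
        if not owner.endswith("."):
            owner = f"{owner}.{origin}"  # relative name: append the origin
        yield owner, fields[3].upper(), fields[4].lower()


def audit_public_zone(text, origin):
    """Return findings for a zone that will be served to the Internet."""
    records = list(parse_records(text, origin))
    private = {}
    for owner, rtype, rdata in records:
        # is_private covers RFC 1918 space and other non-global ranges.
        if rtype in ("A", "AAAA") and ipaddress.ip_address(rdata).is_private:
            private[owner] = rdata
    findings = [f"{o} has private address {a}" for o, a in private.items()]
    for owner, rtype, rdata in records:
        if rtype != "NS":
            continue
        target = rdata if rdata.endswith(".") else f"{rdata}.{origin}"
        if target in private:
            # External resolvers cannot reach this server: a lame delegation.
            findings.append(
                f"{owner} delegated to {target} ({private[target]}), "
                "unreachable from outside"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_public_zone(SAMPLE_ZONE, "schaefer-shop.de."):
        print(finding)
```
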


