delegation of subdomains

Markus Boehmer boehmerm at gmx.net
Fri Oct 12 06:29:29 UTC 2007


-------- Original Message --------
> Date: Thu, 11 Oct 2007 18:55:18 -0400
> From: Kevin Darcy <kcd at chrysler.com>
> To: bind-users at isc.org
> Subject: Re: delegation of subdomains

> It's a bad practice to put private addresses in publicly-visible 
> zones, because it results in bogus DNS traffic. This is the kind of 
> thing views were created to prevent: put the private addresses in the 
> internal view so that only internal clients see those addresses.
> 
> - Kevin
> 

Hello Kevin,

I don't know if they are the right thing in my case.
The DNS server which has the schaefer-shop.de zone is completely outside the company LAN and the server for the mw.schaefer-shop.de zone is inside, so on the second server there is no need for a view, because it has private addresses and is in a private network.

And the first server has in the open zone schaefer-shop.de only a delegation to the internal server, the entries are:

mw.schaefer-shop.de. IN NS webhost.mw.schaefer-shop.de.
webhost.mw.schaefer-shop.de. IN A 10.19.155.90

If there is a way of which I don't know how to put these entries in a view, then I sure will do this.

Greetings
Markus

> Markus Boehmer wrote:
> >> On Thu, Oct 04, 2007 at 06:49:14AM -0700, Markus Boehmer wrote:
> >>     
> >>> 1. Domain is "def.gh" - DNS-server is somewhere outside the company
> >>> lan with internet access and is reachable from the internet
> >>>
> >>> 2. Domain to delegate is abc.def.gh - DNS-server is inside the company
> >>> lan, has internet access, but is not reachable from the internet.
> >>>
> >>>       
> >> Having the delegation visible worldwide would be a lame delegation for
> >> clients not on the local network, which I consider a config error.
> >>
> >> Greetings
> >> Marc
> >>     
> >
> > Hi Marc and everyone else,
> >
> > here's another problem.
> >
> > I would prefer the "lame method" for various reasons, being
> > here in our company network.
> >
> > The "outside" server is nsr1.4smr.net, authoritative for the zone
> > "schaefer-shop.de".
> >
> > This one should now delegate "mw.schaefer-shop.de" to our internal
> > server with the IP address 10.19.155.90, which is already up and
> > running, so that other nameservers in our company network can find
> > our subdomain mw.schaefer-shop.de.
> >
> > The admin responsible for ns1.4smr.net now told me that he can't
> > delegate, because our internal nameserver can not be reached or
> > reverse looked up.
> >
> > Is this possible? I thought, that entries in the schaefer-shop.de. zone
> > files like:
> > mw    86400    IN    NS    webhost.mw.schaefer-shop.de.
> > webhost.mw.schaefer-shop.de.  86400  IN  A  10.19.155.90
> >
> > would be enough.
> >
> > Have I understood this wrong? I read DNS & Bind from O'Reilly and I
> > think that the above mentioned would be enough.
> >
> > With this configuration, computers within our company network should
> > be able to find our zone and computers outside the company network
> > have simply a weird looking dns record.
> >
> > Regards
> > Markus
> >
> >   
> 

-- 
Per humanitatem ad pacem
Through humanity to peace
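
Kevin's point about private addresses in publicly visible zones can be checked mechanically before a zone is published. The following Python check is an added example, not part of the original thread: it scans zone text for delegations whose glue address is not globally routable. The function names (`fqdn`, `parse_records`, `private_glue`) are hypothetical, and it assumes one record per line with an explicit owner name.

```python
import ipaddress

# Constructed sample: the two delegation records quoted in the thread,
# plus a made-up www record that is not part of any delegation.
SAMPLE_ZONE = """\
mw    86400    IN    NS    webhost.mw.schaefer-shop.de.
webhost.mw.schaefer-shop.de.  86400  IN  A  10.19.155.90
www   86400    IN    A     192.0.2.10
"""

def fqdn(name, origin):
    """Expand a relative owner/target name against the zone origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(text, origin):
    """Yield (owner, type, rdata) from one-record-per-line zone text."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) < 3:
            continue  # blank lines and $TTL/$ORIGIN directives
        owner, rest = fields[0], fields[1:]
        # Skip the optional TTL and class fields.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) >= 2:
            yield fqdn(owner, origin), rest[0].upper(), rest[1]

def private_glue(text, origin):
    """Return (child zone, name server, address) for non-public glue."""
    origin = origin.lower()
    records = list(parse_records(text, origin))
    addrs = {}
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(ipaddress.ip_address(rdata))
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "NS" and owner != origin:  # NS below the apex = delegation
            target = fqdn(rdata, origin)
            for ip in addrs.get(target, []):
                if not ip.is_global:  # RFC 1918, loopback, link-local, ...
                    findings.append((owner, target, str(ip)))
    return findings

if __name__ == "__main__":
    for child, ns, ip in private_glue(SAMPLE_ZONE, "schaefer-shop.de."):
        print(f"{child} delegated to {ns} at non-public address {ip}")
```
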


