Delegating and slaving of same zone - good idea or just plain stupid?
Peter Laws
plaws at ou.edu
Wed Oct 8 17:45:38 UTC 2008
Kevin Darcy wrote:
> Slave the 10.in-addr.arpa subzones on your "external" servers and ensure
> -- as you should already be doing -- that only your own
> clients/resolvers see the RFC 1918 stuff. The rest of us shouldn't and
> don't want to see your RFC 1918 dirty laundry.
Done, and of course you can't see it. What good would it do you anyway?
> As for your *internal* DNS, you can if you wish delegate 10.in-addr.arpa
> directly from your internal root zone or delegate twice, from root to
> in-addr.arpa, and then again to 10.in-addr.arpa. If you _have_ an
> internal root zone, that is: it's not clear from your post whether you
> have one or not.
Well, no, it's not set up as root if you mean zone "." It's just another
zone on the server. And if I do a dig +trace, it doesn't work of course
(the root servers have no idea what I'm smoking when I ask). I've not seen
an example of how we'd do that.
--
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at ou.edu
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!
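
An internal root zone of the kind Kevin Darcy describes could look like the zone file below. This is an added example, not part of either poster's message: the server names, addresses, file names and serial are constructed, and it assumes the internal resolvers are pointed at this server through their own hints file instead of the public root hints.

```dns-zone
; internal.root.zone (constructed example, hypothetical names and addresses)
;
; named.conf on the internal root server:
;   zone "." { type master; file "internal.root.zone"; };
; named.conf on each internal resolver (hints list only the internal root):
;   zone "." { type hint; file "internal.hints"; };
;
; Serve this zone only to internal clients; it must never be reachable
; from outside, since it exposes the RFC 1918 reverse tree.

$TTL 86400
.   IN SOA ns-root.internal.example. hostmaster.internal.example. (
            2008100801 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            3600 )     ; negative-caching TTL

; The internal root's own name server. No zone cut sits above this name
; in this file, so the A record is ordinary authoritative data.
.                            IN NS ns-root.internal.example.
ns-root.internal.example.    IN A  10.0.0.53

; Option 1: delegate 10.in-addr.arpa directly from the root.
; A delegation may skip the intermediate labels "in-addr" and "arpa".
10.in-addr.arpa.             IN NS ns1.corp.example.
10.in-addr.arpa.             IN NS ns2.corp.example.

; The forward zone is delegated the same way, which makes the A records
; below glue for ns1/ns2 (they live under the corp.example zone cut).
corp.example.                IN NS ns1.corp.example.
corp.example.                IN NS ns2.corp.example.
ns1.corp.example.            IN A  10.0.0.10
ns2.corp.example.            IN A  10.0.0.11

; Option 2: delegate twice. Replace the two 10.in-addr.arpa NS lines
; above with a delegation of in-addr.arpa:
;   in-addr.arpa.            IN NS ns-root.internal.example.
; and put the second delegation in a separate in-addr.arpa zone file:
;   10                       IN NS ns1.corp.example.
;   10                       IN NS ns2.corp.example.
```

With this in place, a `dig +trace` run against an internal resolver starts at the internal root rather than the public root servers, so the 10.in-addr.arpa delegation can be followed.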