How should I configure internal and external DNS servers

Andrew Pavlin andrewemt at hotmail.com
Fri Nov 3 19:01:06 UTC 2023


Have you considered making your internal DNS servers unpublished secondaries for the external domain data? Just because the external primary DNS server is configured to allow an internal server to do domain transfers does not mean that internal server's identity has to be published in external domain NS records.

That way, only the external primary server authoritatively defines the external records, but the internal servers can authoritatively deliver those records as secondaries.

Of course, this only works if the internal and external data records are clearly separated in different subdomains or zones.

Andrew Pavlin

________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Nick Howitt via bind-users <bind-users at lists.isc.org>
Sent: Friday, November 3, 2023 1:58:51 PM
To: bind-users at lists.isc.org <bind-users at lists.isc.org>
Subject: Re: How should I configure internal and external DNS servers

On 03/11/2023 17:54, Marco M. wrote:


On 03.11.2023 at 17:48:32, Nick Howitt via bind-users wrote:



My problem is the use of external IPs duplicated between the
internal and external masters for some IPs/FQDNs which I want to get
rid of.



Implement IPv6 and get rid of the old IPv4 technology for internal
communication.

It is a big task, but after it is done, much nasty stuff is gone
like NAT hairpinning or split-DNS.


Not remotely on the cards with 200+ servers and so on, I'm afraid. Some of the servers are too old, I think, for IPv6 - SLES 11.

Really I am looking to see if it is possible to turn the internal DNS server, bind-internal, into a caching server and help with how to do it. Or not to do it if it is a bad idea.
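
Added example, not part of any message in this thread: a named.conf sketch of the unpublished-secondary arrangement suggested in the reply at the top, with the internal-only data kept in a separate zone as that reply requires. The zone names, addresses, file paths and key name are all assumptions chosen for illustration.

```conf
# Assumed names: example.com = external zone, int.example.com = internal-only
# zone, 192.0.2.53 = external primary, 10.0.0.53 = internal server.
# Uses BIND's primary/secondary keywords; older releases spell them
# master/slave (and "masters" instead of "primaries").

# ---- external primary: named.conf ----
key "xfer-internal" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";  # placeholder; generate with tsig-keygen
};

zone "example.com" {
    type primary;
    file "primary/example.com.db";
    # The NS records in this zone file list only the public servers;
    # 10.0.0.53 is deliberately absent from them.
    # Transfers are tied to the TSIG key rather than to a source address.
    allow-transfer { key "xfer-internal"; };
    # A server outside the NS set gets no NOTIFY by default, so name it here
    # (assumes the primary can reach this address).
    also-notify { 10.0.0.53; };
};

# ---- internal server: named.conf ----
key "xfer-internal" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";  # same placeholder secret as above
};

zone "example.com" {
    type secondary;
    primaries { 192.0.2.53 key "xfer-internal"; };
    file "secondary/example.com.db";
    allow-transfer { none; };             # do not re-export the copy
};

zone "int.example.com" {
    type primary;                         # internal-only data lives here
    file "primary/int.example.com.db";
    allow-transfer { none; };
};
```

Running named-checkconf on each file validates the syntax before a reload.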