How should I configure internal and external DNS servers
Nick Howitt
nick at howitts.co.uk
Fri Nov 3 19:18:49 UTC 2023
Unfortunately they are not separate subdomains. They are all part of the
same domain. Can the bind-internal not be made caching only and not
authoritative? If so, how?
On 03/11/2023 19:01, Andrew Pavlin wrote:
> Have you considered making your internal DNS servers unpublished
> secondaries for the external domain data? Just because the external
> primary DNS server is configured to allow an internal server to do
> domain transfers does not mean that internal server's identity has to be
> published in external domain NS records.
>
> That way, only the external primary server authoritatively defines the
> external records, but the internal servers can authoritatively deliver
> those records as secondaries.
>
> Of course, this only works if the internal and external data records are
> clearly separated in different subdomains or zones.
>
> Andrew Pavlin
>
> ------------------------------------------------------------------------
> *From:* bind-users <bind-users-bounces at lists.isc.org> on behalf of Nick
> Howitt via bind-users <bind-users at lists.isc.org>
> *Sent:* Friday, November 3, 2023 1:58:51 PM
> *To:* bind-users at lists.isc.org <bind-users at lists.isc.org>
> *Subject:* Re: How should I configure internal and external DNS servers
> On 03/11/2023 17:54, Marco M. wrote:
>> On 03.11.2023 at 17:48:32, Nick Howitt via bind-users wrote:
>>
>>> My problem is the use of external IPs duplicated between the
>>> internal and external masters for some IPs/FQDNs which I want to get
>>> rid of.
>> Implement IPv6 and get rid of the old IPv4 technology for internal
>> communication.
>>
>> It is a big task, but after it is done, much nasty stuff is gone
>> like NAT hairpinning or split-DNS.
> Not remotely on the cards with 200+ servers and so on, I'm afraid. Some
> of the servers are too old, I think, for IPv6 - SLES 11.
>
> Really I am looking to see if it is possible to turn the internal DNS
> server, bind-internal, into a caching server and help with how to do it.
> Or not to do it if it is a bad idea.
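
The unpublished-secondary arrangement Andrew Pavlin describes above, sketched as named.conf fragments for the two servers. This is an added example, not configuration posted in the thread; the zone name example.com, both addresses, the key name xfer-key and all file paths are placeholders, and as his message says it only applies where internal and external records live in separate zones.

```conf
// ---- External primary (placeholder address 192.0.2.1) ----
// Keywords below are the current spellings; older BIND releases use
// master / slave / masters instead of primary / secondary / primaries.

// Hypothetical path. The file defines key "xfer-key" (for example the
// output of tsig-keygen) and should be readable only by the named user.
include "/etc/bind/xfer-key.conf";

zone "example.com" {
    type primary;
    file "/var/named/example.com.zone";          // hypothetical path

    // Zone transfers are tied to the TSIG key rather than to a source
    // address, so an unkeyed AXFR request from anywhere is refused.
    allow-transfer { key "xfer-key"; };

    // The internal server is deliberately absent from the zone's NS
    // records, so it receives no automatic NOTIFY. List it explicitly.
    also-notify { 10.0.0.53 key "xfer-key"; };
};

// ---- Internal server, bind-internal (placeholder address 10.0.0.53) ----

include "/etc/bind/xfer-key.conf";               // same key, hypothetical path

zone "example.com" {
    type secondary;
    primaries { 192.0.2.1 key "xfer-key"; };
    file "/var/named/secondaries/example.com.zone";   // hypothetical path

    // This copy serves internal clients only: it hands the zone on to
    // nobody and sends no NOTIFY messages of its own.
    allow-transfer { none; };
    notify no;
};
```

Because the internal server never appears in the published NS set, outside resolvers are not referred to it, while internal clients still receive authoritative answers from its transferred copy.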