Connecting VPNned namespaces
Chris Buxton
cbuxton at menandmice.com
Thu Oct 11 16:22:07 UTC 2007
There are several ways to solve the problem, each with a slightly
different mechanism but the same effect for users. Use stub zones,
slave zones, or forward zones.

For example, using stub zones on the Campbell's server:

    options {
        // no forwarders statement
    };

    zone "tate.local" {
        type stub;
        masters { 192.168.77.1; };
    };

(If you do have a forwarders statement in options, add an empty
forwarders statement into the stub zone.)

The result of this is, if there is a recursive query ending in
"tate.local" sent to the Campbell server, that server will send an
iterative query to the tate.local server.

If you change the zone type from "stub" to "forward" and change
"masters" to "forwarders", the difference is that the query from one
server to the other is recursive. In this case, that's probably a
meaningless difference.

If instead you use a slave zone (replace "stub" with "slave" in the
example above, and leave the "masters" line unchanged), then each
server will get a copy of the other server's zone and answer
authoritatively for that zone. This can introduce change latency (up
to several hours, depending on the refresh timer length) into the
process unless you also add an NS record for the other server to each
zone. On the other hand, responses to queries will be slightly
faster, since each server will have both zones hosted locally.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone: +354 412 1500
Email: cbuxton at menandmice.com
www.menandmice.com
On Oct 11, 2007, at 7:25 AM, Bertram Scharpf wrote:
> Hi,
>
>
> I'm not an experienced network maintainer but I successfully
> set up two local networks with two name servers. Now I
> connected them over a VPN. Say there are:
>
> 192.168.77.1 jessica.tate.local
> 192.168.77.2 chester.tate.local
> 192.168.77.3 billy.tate.local
>
> 192.168.88.1 mary.campbell.local
> 192.168.88.2 burt.campbell.local
> 192.168.88.3 chuck.campbell.local
>
> The Tate's "resolv.conf"s point to 192.168.77.1 and the Campbell's
> ones point to 192.168.88.1 .
>
> Now I want a request for e. g. billy.tate.local on the
> Campbell side to be redirected to 192.168.77.1 and vice
> versa. Could anyone give me a hint how this is designed
> best?
>
> Thanks in advance,
>
> Bertram
>
>
> --
> Bertram Scharpf
> Stuttgart, Deutschland/Germany
> http://www.bertram-scharpf.de
>
>
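
The mirror-image configuration for the Tate server, covering the three variants from the reply, as an added example that is not part of the original thread. It assumes this side has a global forwarders statement (192.0.2.53 is a placeholder); the file names and the `forward only` and `allow-transfer` lines are additions not mentioned in the thread.

```conf
// ---- named.conf on the Tate server (192.168.77.1) ----
options {
    // Constructed case: this side sends ordinary lookups to an upstream
    // resolver (192.0.2.53 is a documentation-range placeholder).
    forwarders { 192.0.2.53; };
};

// Variant 1: stub zone (iterative query to the Campbell server).
zone "campbell.local" {
    type stub;
    masters { 192.168.88.1; };
    // Empty list overrides the global forwarders for this zone, so
    // campbell.local queries are not sent to the upstream resolver.
    forwarders { };
};

// Variant 2: forward zone (recursive query to the Campbell server).
// Use instead of variant 1, not alongside it.
// zone "campbell.local" {
//     type forward;
//     forward only;   // added here: no fallback to iterating from the roots
//     forwarders { 192.168.88.1; };
// };

// Variant 3: slave zone (local copy, answered authoritatively).
// zone "campbell.local" {
//     type slave;
//     file "slave/campbell.local.db";   // assumed file name
//     masters { 192.168.88.1; };
// };
//
// For variant 3 the Campbell server must permit the zone transfer;
// naming only the peer keeps the full zone from being listed by others:
// zone "campbell.local" {
//     type master;
//     file "campbell.local.db";         // assumed file name
//     allow-transfer { 192.168.77.1; };
// };
```

The Campbell server takes the same configuration with the zone name "tate.local" and the addresses of the two servers swapped.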