On Jun 18, 2009, at 9:08 AM, Joseph S D Yao wrote:

On Thu, Jun 18, 2009 at 07:44:38AM -0700, Chris Buxton wrote:
...
Setting aside the DNAME record, what you're trying to accomplish is
something frequently requested - a private overlay on an otherwise
public zone that doesn't obscure the public zone. But it doesn't work
the way you want - a server that is authoritative for a zone is fully
authoritative for that zone - positively and negatively.

The only way to accomplish what you want would be to create one or
more private zones for subdomains of example.com, to cover the names
that need to resolve privately without obscuring the public data for
example.com. For example, you could create _tcp.example.com - I'd be
willing to bet that this subdomain does not exist in the public
namespace. You could then DNAME this to _tcp.example2.com, or you
could explicitly create the CNAME records you want to have.
...


I don't remember all of the original question, but ... ISTM this is not
the only way.  One may also have public and private views of the same
zone, including only the public info in the public view, but including
public and private info in the private view. I would agree if you were to argue that separate subdomains are a cleaner way to do this, though.

Yes, that will absolutely work. But the OP requested a method that did not involve managing the public data in two places.

Chris Buxton
Professional Services
Men & Mice

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
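
The private-subzone approach described in the thread, as an added configuration sketch that is not part of the original messages. The name server host name, file path, serial and timer values are placeholders. The zone is loaded only on the internal server, which is not configured with example.com itself.

```conf
// named.conf on the internal (private) name server only.
//
// example.com is deliberately NOT defined here. The server is therefore not
// authoritative for it, and public names in example.com keep resolving
// through normal recursion. Only the subtree below is answered locally,
// both positively and negatively.
zone "_tcp.example.com" {
    type master;
    file "internal/_tcp.example.com.db";   // placeholder path
};

/*
 * Contents of internal/_tcp.example.com.db (placeholder host names and timers):
 *
 *   $TTL 3600
 *   @   IN  SOA   ns1.internal.example. hostmaster.example.com. (
 *                 2009061801   ; serial
 *                 3600         ; refresh
 *                 900          ; retry
 *                 604800       ; expire
 *                 3600 )       ; negative-caching TTL
 *       IN  NS    ns1.internal.example.
 *
 *   ; Redirect every name below _tcp.example.com to the same name below
 *   ; _tcp.example2.com. A DNAME may sit at the zone apex next to SOA and
 *   ; NS, but no other names may then exist beneath it in this zone.
 *   @   IN  DNAME _tcp.example2.com.
 *
 * To use explicit CNAME records instead, drop the DNAME line and list each
 * name, for example (constructed record):
 *
 *   _ldap  IN  CNAME  _ldap._tcp.example2.com.
 */
```

With the views alternative, example.com would instead be defined once per view, so every public record has to be kept in both zone files.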
