Point taken, and I should have mentioned that it's NAT in play.

I agree, it's a problem that not all firewalls can hairpin public IPs back
to their private IPs, but when working with what you got, sometimes the
solution isn't ideal.

Frank

-----Original Message-----
From: Doug Barton [mailto:do...@dougbarton.us] 
Sent: Monday, May 30, 2011 2:19 PM
To: frnk...@iname.com
Cc: 'babu dheen'; bind-users@lists.isc.org
Subject: Re: Split DNS Configuration in BIND

On 05/30/2011 09:15, Frank Bulk wrote:
> Not all firewalls can hairpin a public IP back to a private IP. We've
> had to do this, too.

First, firewalls don't do routing. :)

> Yes, we could have created a separate zone, but that would require
> training our staff to use one FQDN internally and another with the
> customers. Easier to teach one thing to the staff and push the
> complexity back on the configuration.

Second, s/configuration/DNS/, which I would argue is the wrong layer. 
Solve routing problems at the routing layer. But I realize that there 
are differing opinions on this.

-- 

        Nothin' ever doesn't change, but nothin' changes much.
                        -- OK Go

        Breadth of IT experience, and depth of knowledge in the DNS.
        Yours for the right price.  :)  http://SupersetSolutions.com/


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
