On 2014-03-10 22:23, Kevin Darcy wrote:
> Options:

First, thanks a lot for the reply! So it seems what I described is indeed the expected behaviour for the type of DNS we operate?

> 1) Change nameservice-switch order (e.g. /etc/nsswitch.conf) on your
> hosts to prefer another source of name resolution (e.g. /etc/hosts)
> which can resolve the shortname. Thus DNS is never used for these lookups.
This might be a solution but I find that our DNS setup is just complex enough that relying on /etc/hosts would probably introduce more problems. Then there's managing /etc/hosts on hundreds of machines, which we could of course do with Puppet, but I find that highly unappealing. Currently we use Puppet to ensure /etc/hosts contains just "127.0.0.1 localhost" and nothing else.

> 2) Simply :-) change your DNS architecture fundamentally, from one which
> forwards requests to the Internet by default (aka "the Microsoft way"),
> to one with an internal root zone and conditionally forwarding only
> those parts of the namespace that your internal clients actually need to
> see.

I confess that I didn't think there was any feasible way other than what you call "the Microsoft way" to operate this kind of internal DNS. I also don't think I've ever consciously heard of the setup you describe. Can you point me to some reading material on what this entails and how to get there?

Thanks again!

Andreas
