Hi,

I am fairly new to bind but I am thinking my company's use of it is sub-optimal. We have two bind masters (and a few slaves), one for internal use so all our internal servers point to it or its slaves as their DNS resolvers. I will call the internal one bind-internal and the external one bind-external.

Bind-internal is set up as authoritative for the domain example.com.
Bind-external is also set up as authoritative for example.com.

Bind-internal has all sorts of entries resolving in the 10.30, 10.40 and other private ranges, but it also has entries resolving to our public IPs, e.g. demo.example.com resolves to 1.2.3.4 (terminated by an F5), which is one of our public IPs (munged). As this site is externally accessible as well, we also have to put an identical entry in bind-external, so we end up having many identical entries in bind-internal and bind-external. We also have some other domains covered by bind-internal with external IPs, but externally they are covered by the domain host's DNS and they have the same issue where in bind-internal we have some public IPs which are also in the domain host's DNS for external access.

I have a feeling this is a sub-optimal setup, having to maintain external IPs in both bind-internal and bind-external. Does it make sense to stop bind-internal from being authoritative and make it a resolver/caching name server? This way, if it does not find an entry in bind-internal it will then go out to either bind-external or the domain host's DNS to get the answer from the authoritative servers, and then there is no need to maintain external IPs in bind-internal.

TIA,

Nick
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
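
One way to measure the duplication described in the post above, as an added example that is not part of the original message: the script compares the A records of an internal and an external copy of a zone and classifies each internal name. The zone contents, the 5.6.7.x addresses and every host name other than demo.example.com are constructed sample data, and the parser is a simplification that only understands `$ORIGIN` and `<owner> IN A <address>` lines.

```python
import ipaddress

# Constructed sample zones (not the poster's data), simplified syntax only.
INTERNAL_ZONE = """$ORIGIN example.com.
demo    IN A 1.2.3.4
www     IN A 5.6.7.8
build   IN A 10.30.0.15
db1     IN A 10.40.2.7
portal  IN A 10.30.1.20
"""
EXTERNAL_ZONE = """$ORIGIN example.com.
demo    IN A 1.2.3.4
www     IN A 5.6.7.9
portal  IN A 1.2.3.5
"""

def parse_a_records(zone_text):
    """Return {fqdn: set(addresses)} for the A records of a simplified zone."""
    origin, records = "", {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # strip ';' comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
        elif len(fields) == 4 and [f.upper() for f in fields[1:3]] == ["IN", "A"]:
            name = fields[0].lower()
            fqdn = name if name.endswith(".") else f"{name}.{origin}"
            records.setdefault(fqdn, set()).add(fields[3])
    return records

def audit(internal_text, external_text):
    """Classify every internal name against the external copy of the zone."""
    internal = parse_a_records(internal_text)
    external = parse_a_records(external_text)
    report = {"duplicate": [], "drift": [], "split_view": [], "internal_only": []}
    for name, addrs in sorted(internal.items()):
        has_public = any(not ipaddress.ip_address(a).is_private for a in addrs)
        if name not in external:
            report["internal_only"].append(name)  # exists only on the inside
        elif addrs == external[name]:
            report["duplicate"].append(name)      # same answer maintained twice
        elif has_public:
            report["drift"].append(name)          # public copies have diverged
        else:
            report["split_view"].append(name)     # private inside, public outside
    return report

if __name__ == "__main__":
    print(audit(INTERNAL_ZONE, EXTERNAL_ZONE))
```

The `duplicate` and `drift` names are the double-maintained entries the post describes; `internal_only` and `split_view` names still need an authoritative internal source whatever role bind-internal ends up with.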

