> I think, but I'm not certain, that most of the large sites > that do this have completely different DNS content in the > two-faces i.e. it is more like two separate DNS services than > two-faces of the same DNS database. That is, the DNS outside > the firewall contain a subset of the RRs and > names, and there isn't necessarily a dynamic update path > between the two DNSes. > > Do you have examples of folks that have small setups of > two-faced DNS where e.g. dynamic DNS update works while still > keeping site-locals on the inside and global addresses > visible through both faces?
This is a good point. I think you are right - usually the internal & external DNS services have separate databases. My expectation is that when the internal DNS service resolves a name to an RR set that includes site-local addresses, then the external DNS service fails to resolve the name. This reduces the chance for confusion if you query the "wrong" DNS service or query them in the wrong order. Rich -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
