> There seem to be three options roughly:
>
> 1) Use .foo TLD which isn't used on the Internet ( dangerous ).
>
> 2) Use globally registered domain name ( wasteful ).
>
> 3) Use a subdomain of a globally registered domain name ( limiting ).

No, there's a fourth option. Use "split horizon" DNS:

http://en.wikipedia.org/wiki/Split-horizon_DNS

This is how I do it and it is reasonable, particularly considering you shouldn't mix your internal name servers and your external ones (for multiple security reasons).

So basically, you buy a domain, but don't "waste" it on just internal use. You provide one set of records internally on that domain, but provide a different/sub-set of that externally with a different DNS service (could be on same box, but with different configs).

There are limitations to this approach in scenarios where you want split-tunnel VPNs, but it seems most people don't want that right now.

If you would like some tips on how to do this with djbdns, ping me off list. I don't recommend using BIND for this. Considering what I've learned about the mentality of BIND developers from my discussions with them in the past, I don't wish the pain of using it on anyone.

HTH,
tim
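
An added example, not part of the original message or the poster's own setup: a small audit of the two record sets a split-horizon deployment keeps, assuming both are written in the tinydns-data format used by djbdns. It reports RFC 1918 addresses published in the external data and names that exist only internally; the zone `example.com`, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample zone data in tinydns-data format; example.com and all
# addresses are placeholders, not taken from the message above.
INTERNAL = """\
.example.com:10.0.0.53:ns1
=www.example.com:10.0.0.80
=wiki.example.com:10.0.0.81
+db1.example.com:10.0.1.5
@example.com:10.0.0.25:mail
"""
EXTERNAL = """\
.example.com:192.0.2.53:ns1
=www.example.com:192.0.2.80
+wiki.example.com:10.0.0.81
@example.com:192.0.2.25:mail
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def a_records(data):
    """Map each owner name to the set of IPv4 addresses tinydns would serve."""
    records = {}
    for line in data.splitlines():
        if not line or line[0] not in "=+.&@":
            continue  # comments, CNAME/TXT/SOA lines carry no address
        fields = line[1:].split(":")
        if len(fields) < 2 or not fields[1]:
            continue  # no ip given, so no A record is generated
        name = fields[0]
        if line[0] in ".&@":  # the address belongs to the server name x
            x = fields[2] if len(fields) > 2 else ""
            infix = "mx" if line[0] == "@" else "ns"
            name = x if "." in x else f"{x}.{infix}.{name}"
        records.setdefault(name.lower(), set()).add(fields[1])
    return records

def audit(internal, external):
    """Return (RFC 1918 addresses published externally, internal-only names)."""
    inside, outside = a_records(internal), a_records(external)
    leaks = sorted((name, ip) for name, ips in outside.items() for ip in ips
                   if any(ipaddress.ip_address(ip) in net for net in RFC1918))
    return leaks, sorted(set(inside) - set(outside))

if __name__ == "__main__":
    print(audit(INTERNAL, EXTERNAL))
```

Run against the real data files before each publish: a non-empty first list means the external view is exposing internal addressing.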
