On Fri, 2005-09-23 at 16:28 -0600, Andy Bradford wrote: > If BIND wasn't a requirement, you could do split-horizon on one server: > > http://cr.yp.to/djbdns/tinydns-data.html#differentiation > > I have set this up for split-horizon before and it works great.
Well like I said, our architecture disallows split-horizon since the DNS for the inside cannot be in the DMZ, where it would have to be to serve the outside. BIND9 does fine at split-horizon if we needed that. As for djbdns, I try to avoid software by Bernstein. I'm not convinced that it's as secure as people claim and I don't like him nor his software license. And I'm also not convinced that it would scale in an enterprise. BIND9 is proven (for good and bad) and it the enterprise standard. One of the first things I did in my present job was to kill of qmail and replace it with sendmail (which I do know how to configure, believe it or not). As I recall we were running a version of djbdns when I first got here too, in a limited way. We killed that off too. Michael > > Andy > -- > GnuPG ID 0xA63888C9 (D2DA 68C9 BB2B 26B4 8204 2219 A43E F450 A638 88C9) > [-----------[system uptime]--------------------------------------------] > 4:27pm up 95 days, 1:05, 1 user, load average: 1.00, 1.00, 1.00 -- Michael Torrie <[EMAIL PROTECTED]> /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
