RE: Separate DNS slaves as internal and external

2018-03-22 Thread Lightner, Jeffrey 
You can use views for internal and external.   Just create a secondary IP on 
the same NIC you're using as primary on each hosts.  Set the transfer hosts for 
the external view using the primary IP on the NIC and the ones for the internal 
view on the secondary NICs.

You can set ACLs that say which items should use the internal view and which 
should use the external view.



-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of 
McDonald, Daniel (Dan)
Sent: Thursday, March 22, 2018 4:42 PM
To: King, Harold Clyde (Hal); Bind Users
Subject: Re: Separate DNS slaves as internal and external

I've hidden those sort of things using response policy zones.

On 3/19/18, 6:34 AM, "bind-users on behalf of King, Harold Clyde (Hal)" 
<bind-users-boun...@lists.isc.org on behalf of h...@utk.edu> wrote:

I have DNS slaves for internal and external entities. I don't know how to 
work the NS records so that outside users would only get the external slave and 
internal would only get the internal slave.

How can I do this? If I put only the internal slaves with NS records 
external users query the internal servers. If I put both external users still 
see and use internal slave. If I put only external, internal users get the 
external slave. I have put the external slave in our registrar. 

Any help would be appreciated.

Thanks in advance 


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Separate DNS slaves as internal and external

2018-03-22 Thread McDonald, Daniel (Dan) 
I've hidden those sort of things using response policy zones.

On 3/19/18, 6:34 AM, "bind-users on behalf of King, Harold Clyde (Hal)" 
 wrote:

I have DNS slaves for internal and external entities. I don't know how to 
work the NS records so that outside users would only get the external slave and 
internal would only get the internal slave.

How can I do this? If I put only the internal slaves with NS records 
external users query the internal servers. If I put both external users still 
see and use internal slave. If I put only external, internal users get the 
external slave. I have put the external slave in our registrar. 

Any help would be appreciated.

Thanks in advance 


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Separate DNS slaves as internal and external

2018-03-19 Thread wbrown 
From: "G.W. Haywood via bind-users" 

> On Mon, 19 Mar 2018, King, Harold Clyde wrote:
> 
> > I have DNS slaves for internal and external entities. I don't know
> > how to work the NS records so that outside users would only get the
> > external slave and internal would only get the internal slave.
> >
> > How can I do this? ...
> 
> You could use a firewall to route the queries as required.
> 
> You might look at Bind 'Views', for example see the Cricket book.

Or use different instances of bind for internal and external resolution. 
Hardly any extra cost if using virtual servers. Simplifies bind 
configuration at the expense of maintaining double the number of servers. 



Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Separate DNS slaves as internal and external

2018-03-19 Thread G.W. Haywood via bind-users 

Hi there,

On Mon, 19 Mar 2018, King, Harold Clyde wrote:


I have DNS slaves for internal and external entities. I don't know
how to work the NS records so that outside users would only get the
external slave and internal would only get the internal slave.

How can I do this? ...


You could use a firewall to route the queries as required.

You might look at Bind 'Views', for example see the Cricket book.

--

73,
Ged.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users