Greg Choules via bind-users wrote:
> What would be better (IMHO) is for you to keep "example.com" as your
> external zone in an external (hopefully in a DMZ) primary server,
> serving the world with public addresses they need to reach, and
> internally create a new zone -
and manage two different DNS packages.
Verne Britton
From: bind-users On Behalf Of Nick Howitt
via bind-users [*]
Sent: Saturday, November 4, 2023 3:42 PM
To: bind-users@lists.isc.org
Subject: Re: How should I configure internal and external DNS servers
Thanks for the reply. Interesting.
Option
Hi Nick.
First question, does the internal zone *have* to keep the same name? As has
been said already, this is a fairly common setup done by people a long time
ago who usually didn't think through the consequences of their actions.
What follows assumes you could change the name of the internal
* That sounds like a sadly normal implementation but yes you can do better
* Views is a good place to look https://kb.isc.org/docs/aa-00851
* Make sure to investigate how the company VPN services handle DNS as it
may surprise you
On Fri, Nov 3, 2023 at 9:52 AM Nick Howitt via bind-users <
Am 04.11.2023 um 19:41:44 Uhr schrieb Nick Howitt via bind-users:
> Thanks for the reply. Interesting.
> Option A - It works but I would like to stop maintaining two
> different servers with the same data.
> Option B - I have no chance of getting the company to agree to IPv6.
Then you are in a
Unfortunately, redesigning the internal zone is way beyond the scope of
what I can do, but thanks for the info.
On 04/11/2023 13:40, Greg Choules wrote:
Hi Nick.
First question, does the internal zone *have* to keep the same name?
As has been said already, this is a fairly common setup done
As on other replies, a different internal zone is a huge project for the
company, not a quick win, unfortunately.
On 04/11/2023 08:55, Michael Richardson wrote:
Given VPNs, RemoteAccess and the like, I strongly recommend against split-DNS
configurations. They were great ideas in 1993, when
Thanks for the reply. Interesting.
Option A - It works but I would like to stop maintaining two different
servers with the same data.
Option B - I have no chance of getting the company to agree to IPv6.
Option C - From your summary, does not appear to remove the requirement
to maintain the
Given VPNs, RemoteAccess and the like, I strongly recommend against split-DNS
configurations. They were great ideas in 1993, when all sites were concave,
but that's just not the case anymore.
Instead, I recommend having a sub-zone, "internal.example.com", or some other
convenient name. Put a
Am 04.11.2023 15:03 schrieb Nick Tait via bind-users:
> I only included this because the idea had been put forward already.
> But even if the logistics of assigning public IPv6 addresses to your
> internal hosts was palatable to you, you'd also want to think about
> whether you are comfortable
Hi Nick.
Your current set-up sounds like a fairly common configuration. And
depending on your requirements there are a number of options that you
might consider.
But let's start with requirements: I've made some assumptions - please
advise if I've got any of this wrong?:
* You have two
Am 03.11.2023 um 20:12:59 Uhr schrieb Nick Howitt via bind-users:
> I have those lines, but if I remove them, then presumably I cannot
> have internal overrides anywhere, like a hosts file would or like
> dnsmasq would?
BIND doesn't care about /etc/hosts.
If you make it authoritative for a zone,
On 03/11/2023 20:07, Marco M. wrote:
Am 03.11.2023 um 19:54:32 Uhr schrieb Nick Howitt:
How do you mean remove the zone information?
In your /etc/bind are configuration files.
Look for named.conf* and find those that include zones:
zone "f.8.1.1.0.7.1.0.1.0.a.2.ip6.arpa" {
type master;
Am 03.11.2023 um 19:54:32 Uhr schrieb Nick Howitt:
> How do you mean remove the zone information?
In your /etc/bind are configuration files.
Look for named.conf* and find those that include zones:
zone "f.8.1.1.0.7.1.0.1.0.a.2.ip6.arpa" {
type master;
file
On 03/11/2023 19:30, Marco M. wrote:
Am 03.11.2023 um 19:18:49 Uhr schrieb Nick Howitt via bind-users:
Can the bind-internal not be made to caching only and not
authoritative? If so, how?
Of course it can, simply remove the zone configuration, but it will
then cache the records from the
Am 03.11.2023 um 19:18:49 Uhr schrieb Nick Howitt via bind-users:
> Can the bind-internal not be made to caching only and not
> authoritative? If so, how?
Of course it can, simply remove the zone configuration, but it will
then cache the records from the authoritative server (your
Am 03.11.2023 um 19:15:45 Uhr schrieb Nick Howitt via bind-users:
> You are preaching to the converted, but we have a huge mix of SLES
> 11, Ubuntu 16, 18, 20 and 22 machines + Windows Server 2016. Getting
> them all current is a long term project and it has to go through all
> sorts of customer
*From:* bind-users on behalf of Nick
Howitt via bind-users
*Sent:* Friday, November 3, 2023 1:58:51 PM
*To:* bind-users@lists.isc.org
*Subject:* Re: How should I configure in
On 03/11/2023 18:06, Marco M. wrote:
Am 03.11.2023 um 17:58:51 Uhr schrieb Nick Howitt via bind-users:
On 03/11/2023 17:54, Marco M. wrote:
Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users:
My problem is the use of external IPs duplicated between the
internal and external
e: How should I configure internal and external DNS servers
On 03/11/2023 17:54, Marco M. wrote:
Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users:
My problem is the use of external IPs duplicated between the
internal and external masters for some IPs/FQDNs which I want to g
Am 03.11.2023 um 17:58:51 Uhr schrieb Nick Howitt via bind-users:
> On 03/11/2023 17:54, Marco M. wrote:
> > Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users:
> >
> >> My problem is the use of external IPs duplicated between the
> >> internal and external masters for some
On 03/11/2023 17:54, Marco M. wrote:
Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users:
My problem is the use of external IPs duplicated between the
internal and external masters for some IPs/FQDNs which I want to get
rid of.
Implement IPv6 and get rid of the old IPv4
Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users:
> My problem is the use of external IPs duplicated between the
> internal and external masters for some IPs/FQDNs which I want to get
> rid of.
Implement IPv6 and get rid of the old IPv4 technology for internal
communication.
It
On 03/11/2023 17:17, Marco M. wrote:
Am 03.11.2023 um 15:51:32 Uhr schrieb Nick Howitt via bind-users:
As this site is externally accessible as well, we also have to put an
identical entry in bind-external so we end up having many identical
entries in bind-internal and bind-external.
It seems
Am 03.11.2023 um 15:51:32 Uhr schrieb Nick Howitt via bind-users:
> As this site is externally accessible as well, we also have to put an
> identical entry in bind-external so we end up having many identical
> entries in bind-internal and bind-external.
It seems the people who set that up
Hmm, I'll admit to only skim reading it but it seems quite complicated
for what I was hoping for. It would be trivial if I could change the
bind-internal machine to using dnsmasq (ugh!). Then the bind-internal
machine would serve up anything it explicitly knew about to the internal
clients,
Hi,
I am fairly new to bind but I am thinking my company's use of it is
sub-optimal. We have two bind masters (and a few slaves), one for
internal use so all our internal servers point to it or its slaves as
their DNS resolvers. I will call the internal one bind-internal and the
external one