Hi everyone, I'm hoping that someone on the list will say to me "yep, this can be done", or "no, you're dreamin', dude!", given the following problem:
I'm in the middle of implementing split DNS for my employer, and am thinking about using Bind's "views" capabilities to support the split-dns concept. As the Internet DNS server (the one I'm implementing) is sitting in a secure DMZ (with all servers multi-homed), "views" should work really well, as I can give out RR's based on where the querying server is located within the DMZ. For machines on the internal network, different RR's again should be returned (i.e. they should see the IP addresses for the internal interface of the servers in the DMZ, and not the external interfaces). Ok?

I've configured Bind with this in mind, and have three views defined:

* An Internet view - which only contains valid Internet IP addresses
* A "DMZ" view - which only contains records for machines in the DMZ
* An "internal" view - contains records for machines in the DMZ, which may or may not be different to those in the DMZ view.

I've done some testing, and this setup is working so far. However, if I query (from the DMZ view) for a server that is not within the DMZ view, I get an "NXDOMAIN" (no such domain) error message. Ok....

I added forwarders to the DMZ view, pointing to the Primary DNS server sitting on the internal network, thinking that if the server can't resolve the domain itself, it will forward the request on to one of the forwarders. However, I still get an NXDOMAIN error message. I believe that, because the DMZ view is configured as a primary, Bind is stopping there, and not following the forwarders.

Unfortunately, the machines in the DMZ have the same domain address as those in the internal network, otherwise this would not be a problem. I suppose what I'm hoping for here is to have multiple primary name servers?

--
Rebecca Richards
http://www.becsta.[com|net|org]
mail:[EMAIL PROTECTED]|net|org]

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
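
The three-view layout described in the message above, written out as an added named.conf sketch that is not part of the original post; the ACL ranges, the example.com zone name, the file paths, the forwarder address and the recursion settings are constructed assumptions. The comments note standard BIND behaviour: forwarders are consulted only for names outside the zones a view is authoritative for.

```conf
// Constructed example: addresses, zone name and file paths are placeholders.
acl "internal-nets" { 10.0.0.0/8; };          // internal network (assumed range)
acl "dmz-nets"      { 192.168.100.0/24; };    // DMZ segment (assumed range)

options {
    directory "/var/named";
};

// Views are tried in order; the first whose match-clients matches wins.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "internal/example.com.zone";   // internal-interface addresses
    };
};

view "dmz" {
    match-clients { "dmz-nets"; };
    recursion yes;
    // Forwarders are used only when recursing for names this view is NOT
    // authoritative for. Any name under example.com is answered from the
    // master zone below, so a missing record is NXDOMAIN and is never forwarded.
    forwarders { 10.0.0.53; };               // internal primary (assumed address)
    forward first;
    zone "example.com" {
        type master;
        file "dmz/example.com.zone";        // DMZ hosts only
    };
};

view "internet" {
    match-clients { any; };
    recursion no;                            // assumed: authoritative-only towards the Internet
    zone "example.com" {
        type master;
        file "internet/example.com.zone";   // public addresses only
    };
};
```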
