On Friday 05 June 2009 12:04:28 pm you wrote:
> > we are using a combination of host files and
> > DNS from our AD system currently.
>
> I'm not the final authority at all of this, but
> I maintain a similar arrangement for my
> company, so let me see if I can assist. First
> off, probably best to minimize or eliminate the
> host files, as they are simply likely to cause
> confusion down the line. It's best to
> centralize name services under one model
> whenever possible. Do so once you have bind
> configured the way you want it to be.
>
> > Our internal
> > domain is "intdomain", our (primary) external
> > domains are "external.com" &
> > "externalinfo.com".
> >
> > Our internal windows machines need to
> > point "externalinfo.com" to our outside
> > production IPs at the colo but our linux
> > machines need the names to resolve to their
> > inside IPs. So I would like to have a DNS
> > server at the COLO that the RH machines can
> > get internal addresses from for
> > "externalinfo"/"external" outside and relay
> > requests for internal to the AD server.
> >
> > Would someone be kind enough to help me flesh
> > out how to set this up or, if there are
> > example setup scenarios out there, where I
> > might find them.
>
> You didn't specify clearly whether 'intdomain'
> is actually a real and separate domain, as in
> 'intdomain.com', or if it is a different 'view'
> from 'external.com', as defined by bind's
> 'views' capabilities. Clarifying that would be
> helpful in any assistance we might be able to
> provide.
>
> Next, it would be helpful to clarify whether
> you wish, or have any intention of running
> nameservers at your office location, or want to
> have them only running at your colo. It sounds
> like you are equipped to provide service for
> your office internally, and if that is the
> intention, we can steer you appropriately. From
> the look of your goals regarding your local
> linux boxes, this is probably the best plan,
> though it is actually possible (though not
> terribly logical) to have these computers
> seeing internal records from a remote server.
>
> Your goals are lofty enough to warrant picking
> up the O'Reilly DNS & BIND book, and spending
> an evening inside it, or by reading the BIND
> documentation, which is more up-to-date, though
> a hair less personable a read.
>
> Get back on these matters, and we can go from
> there.
>
> Steven

Steven,

Thanks for the great reply! The project was just passed along to me (and so I jumped on the list immediately to get help), so I still need to pull together details. Your post is helpful in allowing me to ask the right questions. More details to follow as I get them.

And, boy, do I appreciate the help, as unemployment is not an option!

Also, I'll get a copy of the O'Reilly book.

Dimitri