hello,
little question .. maybe some of you already get this kind of set-up ?
we get in our belgian division some dns resolvers configured to use our
internal dns root servers. Most of the internal dns system but not all
is under the tld intranet. and 10.in-addr.arpa. this is working fine and
nothing special with this.
next to these servers we also get some dns resolvers in gateway area for
giving dns access to our servers hosted in dmz area. so these are
completely two different systems but that technically can speak with
each other.
now my question is .. we should open the internet dns resolution into
the trusted lan. I already tried some different set-up including global
forwarders but nothing found simply till now. problem with global
forwarders is that we only get the choice between "first" and "only" but
not "last".
I should find a solution configuring simply the way to first have a look
at the dns inside and if nothing found forwarding the request to the dmz
servers.
The way I use now in my lab is simply configuring a view in lan and dmz
area, both of them configured with our internal db.root file, stopping
most of the queries on internal dns resolvers with zone "intranet" {type
stub; masters {1.2.3.4;};forwarders{};}; so all my internal queries are
not forwaded to the dmz and finally configuring the dmz area to send
"com" "net" .... to the internet but as I said it this is sure not the
right way to do it.
thks to help me.
vincent.
-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.
Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
