On Nov 1, 2012, at 7:14 AM, Kobus Bensch <kben...@fullnet.co.uk> wrote:

> Is that because split horizon doubles admin or because it's bad altogether?
> 
> I have been using split horizon for many years now and found it very useful. 
> Any thoughts from any on the list would be most welcomed.

Crafted for a private reply, but being re-used here:

There are places that views/split-horizon fit the model that has been put into 
place.  It does, however, break the "one-question, one-answer" concept that was 
foundational for DNS.

My recommendation is that for "internal" addressing, a separate zone be created 
that serves that address space.  You gain a number of things from this, 
including easier debugging and better data security (no longer are you 
concerned about exactly what clients are seeing at "www.internal.example.com" 
since you know that the only people able to resolve/route 
"internal.example.com" are the ones that should be able to).

The problem lies in that over the years, people (usually the higher-ups) have 
been trained (by us, the in-the-trench guys) that "www.example.com" can be one 
thing internally and something else externally, or that their printer really 
_should_ be named myprinter.example.com and not myprinter.internal.example.com.

All the best,
AlanC
-- 
Alan Clegg | +1-919-355-8851 | a...@clegg.com
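
An added example (not part of the original post): a Python audit for a site moving from views to the separate internal zone recommended above. It compares what each view serves and reports names that break "one-question, one-answer", names that exist only internally, and RFC 1918 addresses published externally. The record data and the simplified `name type rdata` line format are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: what each view would answer, one "name type rdata" per line.
EXTERNAL_VIEW = """
www.example.com.        A 203.0.113.10
mail.example.com.       A 203.0.113.25
myprinter.example.com.  A 10.1.2.30   ; internal host published by mistake
"""
INTERNAL_VIEW = """
www.example.com.        A 10.1.1.10
mail.example.com.       A 203.0.113.25
myprinter.example.com.  A 10.1.2.30
files.example.com.      A 10.1.3.40
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(text):
    """Return {(name, type): {rdata, ...}}; ';' starts a comment."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            name, rtype, rdata = line.split(None, 2)
            records[(name.lower(), rtype.upper())].add(rdata.strip())
    return records

def leaks_rfc1918(rtype, rdatas):
    return rtype == "A" and any(ipaddress.ip_address(r) in net for r in rdatas for net in RFC1918)

def audit(external_text, internal_text):
    """Classify names by how the two views disagree."""
    ext, internal = parse(external_text), parse(internal_text)
    report = {"conflict": [], "internal_only": [], "private_in_external": []}
    for key in sorted(set(ext) | set(internal)):
        if key in ext and key in internal and ext[key] != internal[key]:
            report["conflict"].append(key[0])       # same question, two answers
        elif key not in ext:
            report["internal_only"].append(key[0])  # candidate for internal.example.com
        if leaks_rfc1918(key[1], ext.get(key, ())):
            report["private_in_external"].append(key[0])
    return report

if __name__ == "__main__":
    for finding, names in audit(EXTERNAL_VIEW, INTERNAL_VIEW).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

Names under `conflict` and `internal_only` are the ones that would be renamed into the separate internal zone; `private_in_external` lists internal addressing visible to outside clients.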




