Thanks. All makes sense and definitely something to think about in the new network design.
Also wanted to say, I did like the doc and will be using that, but as you say, will make particular note about the maintenance side of things. Thanks Kobus ----- Original Message ----- From: "Alan Clegg" <a...@clegg.com> To: "Kobus Bensch" <kben...@fullnet.co.uk> Cc: bind-users@lists.isc.org Sent: Thursday, 1 November, 2012 11:26:31 AM Subject: Re: BIND and DNSSEC On Nov 1, 2012, at 7:14 AM, Kobus Bensch <kben...@fullnet.co.uk> wrote: > Is that because split horizon doubles admin or because its bad all together? > > I have been using split horizon for many years now and found it very useful. > Any thoughts from any on the list would be most welcomed. Crafted for a private reply, but being re-used here: There are places that views/split-horizon fit the model that has been put into place. It does, however, break the "one-question, one-answer" concept that was foundational for DNS. My recommendation is that for "internal" addressing, a separate zone be created that serves that address space. You gain a number of things from this, including easier debugging and better data security (no-longer are you concerned about exactly what clients are seeing at "www.internal.example.com" since you know that the only people able to resolve/route "internal.example.com" are the ones that should be able to). The problem lies in that over the years, people (usually the higher-ups) have been trained (by us, the in-the-trench guys) that "www.example.com" can be one thing internally and something else externally, or that their printer really _should_ be named myprinter.example.com and not myprinter.internal.example.com. All the best, AlanC -- Alan Clegg | +1-919-355-8851 | a...@clegg.com -- Fullnet Solutions Limited 7 Marlborough Close Maidenhead Berkshire SL6 4LP United Kingdom Telephone: +44 (07703) 503 733 Kobus Bensch: kben...@fullnet.co.uk Information: i...@fullnet.co.uk WWW: http://www.fullnet.co.uk Registered in England & Wales. Company Number: 3568937 VAT registration number: UK 714 7309 42 E & O.E. All prices exclude VAT & Carriage unless otherwise specified. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system administrator by emailing ad...@fullnet.co.uk with the subject "eMail Confidentiality Query!" . The content of this email does not necessarily reflect the views or opinions of Fullnet Solutions Limited. If you have any queries or complaints please email i...@fullnet.co.uk with the subject "eMail Comment/Complaint Query!". This footnote also confirms that this email message has been scanned for the presence of computer viruses. Fullnet Solutions Limited can however not be held responsible for any virus infections on the recipients or any other systems. For more information regarding the solutions Fullnet has to offer please email i...@fullnet.co.uk with the subject "Sales Query!". _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
