On 04/01/2013 11:46 AM, Kevin Darcy wrote:
On 3/29/2013 12:09 AM, Doug Barton wrote:
On 03/28/2013 12:28 PM, Ben-Eliezer, Tal (ITS) wrote:
My organization is evaluating the use of split-view DNS in our
environment.
Simple ... don't do it. It's almost never the right answer, and as
you're learning carries with it more administrative overhead than the
problems it's designed to solve.
Much better to spend the time carefully considering what your goals
are, and finding other ways to reach them.
>
And your alternative is what? Run the external version of the namespace
on a completely separate infrastructure from the internal version?
No, my point was don't do 2 versions.
Somewhere in the last 10 years (roughly corresponding to the popularity
of NAT) it became baked in to a large segment of the DNS operator
community that having internal and external views of the same zones was
not only necessary, it was the only right way to do things. In my
experience the number of times that this is the right answer are very
few and far between. Looking at the actual problems that need solving
without the prejudice that multiple views are necessary (or even
correct) often leads to better solutions.
Doug
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
