On Wed, 2015-06-10 at 17:17 +0800, liumingxing wrote: > We have a domain name example.com while now we have application > servers that are located in in the localnet with private addresses and > ones in the external internet. We want to setup a recursive in local > networks that can provide recursive service and auth service that > internal users are redirected to the internal servers and the external > users are guided to outside servers.
Set up one or more authoritative servers that provide two views - an internal and an external view. Then set up your recursive servers anywhere you like. A recursive servers you put in the space served by the internal view will get internally valid responses from your authoritative servers. A recursive server you place outside the space served by the internal view will get externally valid responses from your authoritative servers, as will any other queriers from outside your internal spaces. Queries that don't involve your domain(s) will go to the wider Internet. Aside from setting up the appropriate views and siting the authoritative servers appropriately, you don't need any special configuration for all this to happen. You don't have to configure the recursive servers in any way specially either, except to make sure they accept queries only from your own networks. Don't set up one server as both a recursive and an authoritative server, though. Bad idea. Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4 Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882 _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
