Re: How should I configure internal and external DNS servers

Fri, 03 Nov 2023 12:19:28 -0700

Unfortunately they are not separate subdomains. They are all part of the same domain. Can the bind-internal not be made to caching only and not authoritative? If so, how? 

On 03/11/2023 19:01, Andrew Pavlin wrote:
Have you considered making your internal DNS servers unpublished secondaries for the external domain data? Just because the external primary DNS server is configured to allow an internal server to do domain transfers does not mean that internal server's identity has to be published in external domain NS records. 


That way, only the external primary server authoritatively defines the 
external records, but the internal servers can authoritatively deliver 
those records as secondaries.



Of course, this only works if the internal and external data records are 
clearly separated in different subdomains or zones.


Andrew Pavlin

Powered by Cricket Wireless
Get Outlook for Android <https://aka.ms/AAb9ysg>
------------------------------------------------------------------------

*From:* bind-users <bind-users-boun...@lists.isc.org> on behalf of Nick 
Howitt via bind-users <bind-users@lists.isc.org>

*Sent:* Friday, November 3, 2023 1:58:51 PM
*To:* bind-users@lists.isc.org <bind-users@lists.isc.org>
*Subject:* Re: How should I configure internal and external DNS servers
On 03/11/2023 17:54, Marco M. wrote:

Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users:


My problem is the use of external IP's duplicated between the
internal and external masters for some IPs/FQDNs which I want to get
rid of.

Implement IPv6 and get rid of the old IPv4 technology for internal
communication.

It is a big task, but after it is being done, many nasty stuff is gone
like NAT hairpinning or split-DNS.

Not remotely on the cards with 200+ servers and so on, I'm afraid. Some 
of the servers are too old, I think for IPv6 - SLES 11.



Really I am looking to see if it is possible to turn the internal DNS 
server, bind-internal, into a caching server and help with how to do it. 
Or not to do it if it is a bad idea.

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to