Hello,

On 24.7.2018 16:52, A. Schulze wrote:
> some time ago there was a proposal (?) from Warren Kumari to define a zone
> "internal." for internal use.
>
> We consider a major DNS redesign of a large enterprise network. Part of the
> network is private (RFC1918 address space in use)
> some other parts are public. The whole network is currently organized as
> subdomains of example.com.
>
> One problem is the inability of users to distinguish the public/private state
> of different subdomains.
> sub1.example.com is public, sub2.example.com isn't :-/
>
> For that I like the proposal to use "internal." But that's far away from
> being a standard.
> So I like to ask about alternatives...

I would recommend you use a subdomain of your public domain.

My operational experience indicates that it is easiest to just use
"corp.example.com.", "office.example.com.", or even "i.example.com.".
These are legible to users and clearly indicate that anything below it is
an internal name only.

The rest is a matter of configuration on the authoritative server.

Nice thing is that this approach doesn't require:
- views
- forwarding
- explicit trust anchor (if you want DNSSEC inside internal network)

and generally just works :-)

-- 
Petr Špaček @ CZ.NIC