Hi,

In large scenarios, they might have an advantage in having the same domain
inside and outside, which is that when accessing services behind NAT addresses,
you can serve the private address internally. That way, you do not need
to go to the firewall and back to the private network to translate that NAT.

Regards

On 28 July 2017 at 15:23, Claer <cl...@claer.hammock.fr> wrote:

> On Fri, Jul 28 2017 at 58:07, Steve Williams wrote:
> > Hi,
> Hello,
>
> > I recently upgraded to 6.1 and am trying to (finally, after many OpenBSD
> > versions over 10 years) fine tune my home network.
> >
> > I would like to run a local resolver on my internal network that will
> > resolve all my hosts on my local network to IP addresses on my local
> > network(s) rather than resolving to their public IP addresses.
> >
> > I believe it's called a "split zone" DNS, where my domain is resolved
> > locally, but everyone else is resolved using normal resolution processes.
> >
> > I set this up at one of my previous jobs using BIND, but that was 7 years
> > ago.  I've never gone to the trouble of doing it at home, but I would like
> > to exercise my brain a bit as well as having my home network set up
> > "better".
> >
> > What is the best tool to accomplish this these days?  Is NSD the "modern"
> > tool to be using on OpenBSD?
> I went for nsd for external domain information and Unbound for local
> cache and local resolutions override.
>
> bind was a DNS resolver and a forwarder at the same time. If you want
> both options, you need to set up NSD and Unbound.
>
> Unbound alone can do the trick for a few records, but I found it easier to
> have a dedicated resolver in case I wanted to sync zones with a slave.
>
> > Are there any hooks for dhcpd to update records?
> Dunno, I use static MAC - IP mapping.
>
> > I've read the NSD(8), nsd.conf(5) man pages and that seems to be the way to
> > go, but I thought I'd check the wisdom here to see if there is a better
> > approach.
> As said, just pay attention that nsd is a resolver only.
>
> > Thanks,
> > Steve Williams
>
> Nowadays, I try to avoid using the same domain for internal and
> external. From my ops point of view, having a domain.local and a
> domain.ext is easier to maintain.
>
>
> Regards,
>
> Claer
>
>


-- 
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
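
The Unbound-only override mentioned in the quoted reply, shown as an added example that is not part of the original thread. The domain example.com, the 192.168.1.0/24 network and the host addresses are assumed placeholder values.

```conf
# unbound.conf fragment for the internal resolver (added example).
# Assumed placeholders: example.com, 192.168.1.0/24, 192.168.1.1.
server:
    # Listen only on the LAN side and answer only LAN clients, so the
    # internal view is never served to the outside.
    interface: 192.168.1.1
    access-control: 192.168.1.0/24 allow

    # DNS rebinding protection: private addresses are stripped from
    # answers that arrive from upstream servers. local-data entries
    # below are exempt, so the internal overrides still work.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16

    # Split horizon: names and types listed in local-data get the
    # internal answer; every other name or type under example.com is
    # resolved normally against the public authoritative servers.
    local-zone: "example.com." typetransparent
    local-data: "www.example.com.  IN A 192.168.1.10"
    local-data: "mail.example.com. IN A 192.168.1.20"

    # Matching reverse records for the internal addresses.
    local-data-ptr: "192.168.1.10 www.example.com."
    local-data-ptr: "192.168.1.20 mail.example.com."
```

Running `unbound-checkconf` on the file validates the syntax before the daemon is reloaded.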
