|
Thread Index Re: Re:[isp-dns] Split DNS
----- Original Message ----- From: Michael Malitsky [mailto:malitsky@...] To: isp-dns@isp-dns.com Sent: Tue, 02 Oct 2007 15:09:14 -0800 Subject: Re:[isp-dns] Split DNS > Len, > Thanks for the elaboration - this makes sense, and is more or less the > conclusion we came too, but wanted a confirmation. > > Dee, > Can you explain your comment that djbdns doesn't have a problem with > split DNS? I don't understand how the problem we are dealing with > (which is conceptual) can be dealt with by a different implementation on > one server? > Hi Michael, Does this help ? http://www.fefe.de/djbdns/#splithorizon -Dee > Thanks, > Michael > > > Subject: Re:Split DNS > > From: Len Conrad <LConrad@...> > > Date: Fri, 28 Sep 2007 08:52:45 -0500 > > X-Message-Number: 2 > > > > > > >So what I am hearing is that the only way to do this where I don't > > >depend on whoever runs the auth servers is to make the traffic loop > > >through the firewall. Correct? > > > > The integrity of DNS is guaranteed by having the system trust only > > the auth servers. All other data is suspect. No way to split a zone > > data and have two authorities give different answers in the > > same namespace. > > > > The other boundary is the NAT, separating the public/private IP > > space. That can't be bridged by DNS (works only in the (symbolic > > namespace), only by the IP managers (routers) (works in the IP space). > > > > If the auth servers would delegate a sub-domain to your DNS, that > > would work this way: > > > > In the domain.tld zone now: > > > > sub.domain.tld A ip.ad.re.ss > > > > after delegation: > > > > sub.domain.tld NS ns.yourdomain.tld > > > > and in your ns.yourdomain.tld for the zone sub.domain.tld : > > > > view public > > > > www.domain.tld A ip.ad.re.ss ; public IP > > > > view private > > > > www.domain.tld A ip.ad.re.ss ; private IP > > > > > > I'm a trainer and consultant for DNS and mail systems. > > > > Len > > > > > > > > ---------------------------------------------------------------------- > > > > Subject: Re: Re:Split DNS > > From: Len Conrad <LConrad@...> > > Date: Fri, 28 Sep 2007 14:08:13 -0500 > > X-Message-Number: 4 > > > > > > >So it looks though you are bind centric ? > > > > BIND has always served well, and it is the standard, RFC compatible, > > and function-complete, software. Never had to look elsewhere. > > > > > I much prefer djbdns now. > > > > yeah, well > > > > >We use it exclusively and split DNS is not a problem. > > > > BIND's views are much superior to the old BIND split views. > > > > Len > > > > > > > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > Copyright 2007 Jupitermedia Corporation All Rights Reserved. > To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. Copyright 2007 Jupitermedia Corporation All Rights Reserved. <- Previous Message | Next Message -> Thread Index |
|
