Re: [SLUG] DNS (bind 9) questions

From: Ian C. Blenke (icblenke@nks.net)
Date: Fri Mar 09 2007 - 22:50:05 EST


Chris Mathey wrote:
> I have a local DNS server I use for internal name resolution which
> uses forwarders for external resolution.
>
> I use a third party for internet resolution of my public services such
> as smtp, http, et al. (these are just NAT'ed to my internal server)
>
> I have an external mail server that receives mail for my domain and
> relays it to my internal mail server. A, PTR, MX records are all correct
>
> My issue is how to internally resolve the address of my external mail
> server. I tried to just put a A record for the external server in my
> local DNS zone but it just ignores it. I assume because I am not SOA?

If you make your local bind server authoritative for your domain, you have
what is known as "split horizon DNS".

In this configuration, the outside world has a different view of your
domain records from an external authoritative DNS server than your
internal boxes do.

There are benefits and drawbacks from this configuration. The most
common reason not to do this is that it can be confusing if you don't
remember to update records from the correct perspective. On the other
hand, you can do some neat tricks with software like sendmail to relay
mail with split horizon rather easily.

> I would rather not define any sub domains.
With split horizon you could have sub domains from the inside and not
from the outside, or the other way around.

Without split horizon, the general "trick" to doing what you want to do
is to define a "private" subdomain and add that to your resolv.conf
search line first so that the internal name and IP address is preferred
over the external name and IP. You would need to deal with $j not
matching the host's FQDN with some mailertable and virtusertable entries.

Either way has some positive points and some negative points. It really
depends on which way you would rather put together your internal
infrastructure.

 - Ian
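As an added illustration of the split-horizon setup Ian describes (this is example configuration written for this page, not anything posted by Ian or Chris), here is a BIND 9 layout using two views. Every name and address in it is an assumption: example.com is the domain, 10.0.0.0/8 is the internal network, 192.0.2.0/24 stands in for the public addresses, mail.example.com is the external relay, and 192.0.2.53 is whatever upstream resolver the forwarders point at.

```conf
# Added example, not from the original post: BIND 9 split-horizon DNS.
# Assumed names/addresses: example.com, 10.0.0.0/8 (inside),
# 192.0.2.0/24 (public), mail.example.com = external relay.

# --- /etc/named.conf ---
acl "internal-nets" { 127.0.0.0/8; 10.0.0.0/8; };

options {
    directory "/var/named";
    recursion no;                     # default; the internal view re-enables it
};

# With views in use, every zone must live inside a view.
view "internal" {
    match-clients { internal-nets; };
    recursion yes;
    forwarders { 192.0.2.53; };       # anything not in our zone goes upstream
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                     # never recurse for outside clients
    allow-transfer { none; };         # do not hand the zone to anyone
    zone "example.com" {
        type master;
        file "external/example.com.zone";
    };
};

# --- /var/named/internal/example.com.zone (what inside hosts see) ---
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2007030901 3600 900 1209600 300 )
        IN NS   ns1.example.com.
        IN MX   10 mail.example.com.
ns1     IN A    10.0.0.2
mail    IN A    192.0.2.25      ; external relay, now resolvable from inside
mailint IN A    10.0.0.25       ; internal mailbox server the relay forwards to
www     IN A    10.0.0.80       ; internal address, no NAT hairpin needed

# --- /var/named/external/example.com.zone (what the internet sees) ---
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2007030901 3600 900 1209600 300 )
        IN NS   ns1.example.com.
        IN MX   10 mail.example.com.
ns1     IN A    192.0.2.2
mail    IN A    192.0.2.25
www     IN A    192.0.2.80      ; NAT'd to 10.0.0.80
```

Because Chris already hosts the public zone with a third party, the "external" view is optional in his case: making the internal server authoritative for example.com in the internal view alone is enough for the A record he tried to add to stop being ignored. The caveat Ian raises is visible in the two zone files: once the inside server is authoritative, any public name that is not copied into the internal zone (say a new www host at the third-party provider) will simply not resolve for internal clients, so every record change has to be made from both perspectives. Bumping the serial (the first SOA number) in whichever file you touch is what makes secondaries and caches notice the change.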
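The alternative Ian sketches, a "private" subdomain searched first from resolv.conf with no split horizon, as an added example that is likewise not part of the original post. Assumed names: int.example.com is the private subdomain, 10.0.0.2 is the internal BIND 9 server, 192.0.2.53 is the upstream forwarder; the internal server is deliberately not authoritative for example.com, so the public names keep resolving through the forwarders.

```conf
# Added example, not from the original post: private subdomain instead of
# split horizon. Assumed names: int.example.com, 10.0.0.0/8 inside.

# --- /etc/named.conf on the internal server ---
options {
    directory "/var/named";
    recursion yes;
    allow-query { 127.0.0.0/8; 10.0.0.0/8; };   # internal clients only
    forwarders { 192.0.2.53; };   # example.com itself is NOT local; it goes upstream
};

zone "int.example.com" {
    type master;
    file "int.example.com.zone";
};

# --- /var/named/int.example.com.zone ---
$TTL 3600
@       IN SOA  ns1.int.example.com. hostmaster.example.com. (
                2007030901 3600 900 1209600 300 )
        IN NS   ns1.int.example.com.
ns1     IN A    10.0.0.2
mail    IN A    10.0.0.25     ; internal mailbox server
www     IN A    10.0.0.80     ; internal address of the NAT'd web server

# --- /etc/resolv.conf on internal clients ---
# The search list is tried in order: a bare "mail" becomes
# mail.int.example.com (10.0.0.25) before mail.example.com is ever tried.
search int.example.com example.com
nameserver 10.0.0.2
```

With this layout the short name "mail" resolves to the internal box, while the fully qualified mail.example.com still resolves to the external relay's public address via the forwarders, which is exactly what Chris was trying to get. The cost is the one Ian mentions: the mail host's canonical name (sendmail's $j) comes out as mail.int.example.com rather than mail.example.com, so mail for the public domain has to be mapped to it explicitly in sendmail's mailertable and virtusertable rather than matched by hostname.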



-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:46:05 EDT