Re: BIND Question...
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Fri, 15 Dec 2006 20:08:39 -0600
"Niatross" <niatross@xxxxxxxxxxxxxxxx> wrote in message
news:74D74398-1569-4D8D-A4A6-6D8C013760C2@xxxxxxxxxxxxxxxx
Herb,
You answered it "fully" and now I understand what I need to do with
multiple
external hosts (www, ftp, etc) and internally trying to resolve them. I
will
(from now on), maintain all EXTERNAL DNS changes on the internal servers
manually instead of delegating. If I wanted to setup delegation, I didn't
know (until you taught me today) that I would have had to treat treat
hostnames (like www, ftp) as literally subdomains/zones.
You catch on very quickly so you should have no trouble
in the long run, and there are many here who will help you
if you just keep asking (as you are doing.)
I think the problem I had was I was entering in lots of NS records to
resolve every every host record on the external dns server (meaning:
referring/delegating external hosts to the external dns server). I didn't
know i had to create a zone for each host. I thought they were host, not
subdomains. In reality, your hosts are subdomains since you have to create
a
zone for each one of them.
You don't have to actually CREATE the zones for each
host, merely delegate them from the internal to the external
DNS server which holds the zone containing them, but I
don't recommend this method and agree with your plan to
add such (external) records twice: once externally and
again internally.
[Internal only records are NOT added to the outside DNS
for security and privacy reasons.]
Sounds like you might even be an "old DNS guy" since
most people never realize that TECHNICALLY every
DNS host name is a "domain". No one seems to use
the terminology this way today (and I seldom mention it
since it would confuse most people who are just learning
DNS) even though it is traditionally correct.
[BTW: This is the part of the reason 'Domain' and 'Zone' are
separate terms and not precisely synonymous.]
My BIND test.com zone data file had (lots of NS records in one zone file).
I'm finding out that this was WRONG. Thanks for straightening me out.
Generally there are only two reasons for NS records:
1) For the actual DNS servers of that same zone
2) The delegation/glue records for child zones
(which then must exist on those delegated servers)
The idea of using a delegation to actually point to a single
record OR a to override (maintain a different answer locally)
a record from another zone are very unusual cases and something
of a hack.
Here is how it looked (see all the NS records):
$TTL 86400
test.com. IN SOA xserve.test.com. admin.example.com. (
2006121587 ; serial
3h ; refresh
1h ; retry
1w ; expiry
1h ) ; minimum
test.com. IN NS xserve.test.com.
www.test.com IN NS ns1external.test.com.
ftp.test.com. IN NS ns1external.test.com.
hpg.test.com. IN NS ns1external.test.com.
ftv.test.com. IN NS ns1external.test.com.
wev.test.com. IN NS ns1external.test.com.
hot.test.com. IN NS ns1external.test.com.
jbv.test.com. IN NS ns1external.test.com.
secret.test.com. IN NS ns1external.test.com.
west.test.com. IN NS ns1external.test.com.
east.test.com. IN NS ns1external.test.com.
One would expect (in most all normal cases) that
the A records for these NS record names would
appear in this parent zone AND that those DNS
servers would actually hold the zone named in the
delegations.
test.com. IN A 192.168.1.1
xserve IN A 192.168.1.1
pc1 IN A 192.168.1.45
pc2 IN A 192.168.1.50
Thanks, Niatross
Hope it helps.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
----------------------------------------------------------------
"Herb Martin" wrote:
"Niatross" <niatross@xxxxxxxxxxxxxxxx> wrote in message
news:DA7F176B-5B4B-4E0D-B0B4-C90487C9B425@xxxxxxxxxxxxxxxx
I am setting up an internal DNS server. In a BIND file (on my internal
DNS
server), how do you resolve external hostnames (like www) to an
external
DNS
server?
This isn't a BIND group but you do it just like you do
for every other DNS server and for every other record:
You just add it.
I don't want to hard code a www host record on my internal DNS server
because my internal and external DNS name space is the same (test.com).
That is precisely what you do (and want to do) in such
cases -- your setup is called "Shadow DNS" and this
means you must also make and maintain all EXTERNAL
DNS changes on the internal servers manually.
I
want to send all www queries to the external DNS server that is hosting
my
DNS.
Technically this could be done through delegation but it
is much uglier than just doing the shadow DNS. (Delegation
would require a different zone delegation for each such computer
name be added to the internal servers -- each separately.)
[You could also use conditional forwarding but that is
just as ugly, and just as manual.]
I also have many more hosts sitting out on the internet that need to be
resolved by my internal DNS server. How do i set this up?
Manually since the zone names are the same. This is
precisely the main disadvantage of "shadow DNS" and
using the same name for both external and internal purposes.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
.
- References:
- Re: BIND Question...
- From: Herb Martin
- Re: BIND Question...
- From: Niatross
- Re: BIND Question...
- Prev by Date: Re: need clarification on whos talking to who?
- Next by Date: Re: BIND Question...
- Previous by thread: Re: BIND Question...
- Next by thread: Re: BIND Question...
- Index(es):
Relevant Pages
|
