siunix
split dns setup

Hi,
I'd like to set up split DNS servers for mydomain.com; which method works best? Should I use a subdomain for the internal network? I currently do not use a subdomain. What is the easiest way to do this? Does anybody have a working sample setup?

Thanks in advance.
mshivdas

You don't need to use a subdomain for the internal network.

What you do is populate the external DNS server with any entries that you want to have publicly visible.  The external server should be registered as the SOA for your domain and will handle all external queries.

Then, on the internal DNS server, you put in your internal addresses and your external addresses.  Internal clients are configured to resolve to the internal server.

How you handle resolution of addresses not in your domain for your internal clients will depend on your actual setup -- one option would be to configure things so that the internal server resolves to the external server, but the actual details of that setup are predicated on whether you have a firewall between the two machines, whether that firewall is running BIND, whether you would prefer to have the internal DNS server talk directly to the root servers, and a multitude of other variables.

ASKER

Thanks for the input; I like your idea of not creating a subdomain, because it would cause lots of problems since lots of servers are already in the domain. We have a DMZ (PIX firewall) which has the external DNS. I thought you could not have the internal DNS as mydomain.com and the external DNS as mydomain.com. This is why I suggested using a subdomain, like eng.mydomain.com, as the internal DNS domain and forwarding all mydomain.com queries to the external DNS. How do you forward the internal DNS to the external DNS when using one domain.com?
Do you have a sample /etc/named.conf and /etc/resolv.conf for the internal and external DNS?

Thanks for your help :-)
ASKER CERTIFIED SOLUTION
mshivdas

Yes, you can have an internal and external DNS for the same domain. As long as you define records on each DNS for nodes in the "other network" that need to be visible in that namespace, everything will work properly. Technically that is a split DNS, as there are two disjoint namespaces. And from a security standpoint, having a DNS running inside of the firewall is a good idea. For moderate-sized private networks you can enhance security by having your inside DNS servers only forward non-local requests (requests for Internet names) to your DNS servers in the DMZ.

In practice a split DNS, whether by running two instances of named (prior to BIND 9 that's the only way) or by using views in BIND 9, is two disjoint namespaces. There is no overlap of zone file data, and each "view" of your domain must be complete for that namespace. In other words, the outside nameserver instance or view must contain all records that any Internet or DMZ server will need. In a like manner, the inside instance or view must contain data for all interior nodes as well as those nodes that you "own" in your DMZ. The two instances or views of the DNS will never consult each other for records associated with your domain, as each thinks that "it is the domain".
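As an added illustration of the BIND 9 views approach described above (this is example configuration written for this page, not a file posted in the thread), here is a named.conf that carries both views on one server; the 10.0.0.0/8 internal range, the 192.0.2.53 DMZ forwarder address and the zone file paths are assumed placeholders:

```conf
// Added example, not from the original thread. Clients matching the
// "internal" ACL are answered from the inside view; everyone else gets the
// outside view. Views are tried in order, so the inside view must come first.
acl "internal" { 10.0.0.0/8; 127.0.0.1; };   // assumed internal address range

options {
    directory "/var/named";
    recursion no;        // safe default; only the inside view overrides it
};

// Inside view: complete internal copy of mydomain.com (interior nodes plus the
// DMZ nodes you own). Queries for other names are forwarded to the DMZ DNS,
// which is the "only forward non-local requests" setup the answer describes.
view "inside" {
    match-clients { "internal"; };
    recursion yes;
    forward only;
    forwarders { 192.0.2.53; };      // assumed address of the DMZ nameserver
    zone "mydomain.com" {
        type master;
        file "inside/mydomain.com.zone";    // assumed path; full internal data
    };
};

// Outside view: authoritative only, no recursion, publicly visible records only.
// This view never consults the inside data; it is "the domain" for the Internet.
view "outside" {
    match-clients { any; };
    recursion no;
    zone "mydomain.com" {
        type master;
        file "outside/mydomain.com.zone";   // assumed path; public records only
    };
};
```

The two zone files are maintained separately and must each be complete for their namespace; a record missing from the outside file is simply invisible to the Internet, and a record missing from the inside file is invisible to internal clients, since neither view falls through to the other.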

ASKER

thanks for the help :-)