-------- Original-Nachricht --------
> Datum: Thu, 11 Oct 2007 18:55:18 -0400
> Von: Kevin Darcy
> An: bind-users@isc.org
> Betreff: Re: delegation of subdomains


> It's a bad practice to put private addresses in publically-visible
> zones, because it results in bogus DNS traffic. This is the kind of
> thing views were created to prevent: put the private addresses in the
> internal view so that only internal clients see those addresses.
>
> - Kevin
>


Hello Kevin,

I don't know if they are the right thing in my case.
The dns server which has the schaefer-shop.de zone ist completely outside the company lan and the server fpr the mw.schaefer-shop.de zone is inside, so on the second server there is no need for a view, because it has private addresses and is in an private network.

And the first server has in the open zone schaefer-shop.de only a delegation to the internal server, the entries are:

mw.schaefer-shop.de. IN NS webhost.mw.schaefer-shop.de.
webhost.mw.schaefer-shop.de. IN A 10.19.155.90

If there is a way of which I don't know how to put these entries in a view, then I sure will do this.

Greetings
Markus

> Markus Boehmer wrote:
> >> On Thu, Oct 04, 2007 at 06:49:14AM -0700, Markus Boehmer wrote:
> >>
> >>> 1. Domain is "def.gh" - DNS-server is somewhere outside the company
> >>> lan with internet access and is reachable from the internet
> >>>
> >>> 2. Domain to delegate is abc.def.gh - DNS-server is inside the company
> >>> lan, has internet access, but is not reachable from the internet.
> >>>
> >>>
> >> Having the delegation visible worldwide would be a lame delegation for
> >> clients not on the local network, which I consider a config error.
> >>
> >> Greetings
> >> Marc
> >>

> >
> > Hi Marc and everyone else,
> >
> > here's another problem.
> >
> > I would prefer the "lame method" for various reasons, being
> > here in our company network.
> >
> > The "outside" Server ist nsr1.4smr.net, authoritative for the zone

> "schaefer-shop.de".
> >
> > This one should now delegate "mw.schaefer-shop.de" to our internal

> Server with the IP-Address 10.19.155.90, who is already up and running, so that
> other nameservers in our company network can find our subdomain
> mw.schaefer-shop.de.
> >
> > The admin responsible for ns1.4smr.net now told me, that he can't

> delegate, because our internal nameserver can not be reached or reverse looked
> up.
> >
> > Is this possible? I thought, that entries in the schaefer-shop.de. zone
> > files like:
> > mw 86400 IN NS webhost.mw.schaefer-shop.de.
> > webhost.mw.schaefer-shop.de. 86400 IN A 10.19.155.90
> >
> > would be enough.
> >
> > Have I understood this wrong? I read DNS & Bind from O'Reilly and I

> think,
> > that the above mentioned would be enough.
> >
> > With this configuration, computers within our company network should be

> able to find our zone and computers outside the company network have simply
> a weird looking dns record.
> >
> > Regards
> > Markus
> >
> >

>


--
Per humanitatem ad pacem
Durch Menschlichkeit zum Frieden