-------- Original Message --------
> Date: Thu, 11 Oct 2007 18:55:18 -0400
> From: Kevin Darcy
> To: firstname.lastname@example.org
> Subject: Re: delegation of subdomains
> It's a bad practice to put private addresses in publicly-visible
> zones, because it results in bogus DNS traffic. This is the kind of
> thing views were created to prevent: put the private addresses in the
> internal view so that only internal clients see those addresses.
> - Kevin
I don't know if they are the right thing in my case.
The DNS server which has the schaefer-shop.de zone is completely outside the company LAN and the server for the mw.schaefer-shop.de zone is inside, so on the second server there is no need for a view, because it has private addresses and is in a private network.
And the first server has in the open zone schaefer-shop.de only a delegation to the internal server, the entries are:
mw.schaefer-shop.de. IN NS webhost.mw.schaefer-shop.de.
webhost.mw.schaefer-shop.de. IN A 10.19.155.90
If there is a way of which I don't know how to put these entries in a view, then I sure will do this.
> Markus Boehmer wrote:
> >> On Thu, Oct 04, 2007 at 06:49:14AM -0700, Markus Boehmer wrote:
> >>> 1. Domain is "def.gh" - DNS-server is somewhere outside the company
> >>> lan with internet access and is reachable from the internet
> >>> 2. Domain to delegate is abc.def.gh - DNS-server is inside the company
> >>> lan, has internet access, but is not reachable from the internet.
> >> Having the delegation visible worldwide would be a lame delegation for
> >> clients not on the local network, which I consider a config error.
> >> Greetings
> >> Marc
> > Hi Marc and everyone else,
> > here's another problem.
> > I would prefer the "lame method" for various reasons, being
> > here in our company network.
> > The "outside" Server is nsr1.4smr.net, authoritative for the zone
> > This one should now delegate "mw.schaefer-shop.de" to our internal
> > Server with the IP-Address 10.19.155.90, who is already up and running, so that
> > other nameservers in our company network can find our subdomain
> > The admin responsible for ns1.4smr.net now told me, that he can't
> > delegate, because our internal nameserver can not be reached or reverse looked
> > Is this possible? I thought, that entries in the schaefer-shop.de. zone
> > files like:
> > mw 86400 IN NS webhost.mw.schaefer-shop.de.
> > webhost.mw.schaefer-shop.de. 86400 IN A 10.19.155.90
> > would be enough.
> > Have I understood this wrong? I read DNS & Bind from O'Reilly and I
> > that the above mentioned would be enough.
> > With this configuration, computers within our company network should be
> > able to find our zone and computers outside the company network have simply
> > a weird looking dns record.
> > Regards
> > Markus
Per humanitatem ad pacem
Through humanity to peace
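
One way to express the view split Kevin Darcy describes, for the public server holding schaefer-shop.de. This is an added example, not configuration from any participant in the thread; the ACL prefix 192.0.2.0/24 and the zone file paths are assumed placeholders.

```conf
// named.conf on the public server for schaefer-shop.de (added example).
// ASSUMPTION: internal resolvers reach this server from 192.0.2.0/24, a
// documentation-range placeholder for the company's real egress prefix.
acl "company" { 192.0.2.0/24; };

// Views are tried in order, so the narrower match comes first.
view "internal" {
    match-clients { "company"; };
    zone "schaefer-shop.de" {
        type master;
        file "internal/schaefer-shop.de.zone";   // hypothetical path
    };
};

// Everyone else falls through to this view.
view "external" {
    match-clients { any; };
    zone "schaefer-shop.de" {
        type master;
        file "external/schaefer-shop.de.zone";   // hypothetical path
    };
};

// internal/schaefer-shop.de.zone: the public records plus the delegation
// and glue from the thread, served only to clients matching "company":
//   mw.schaefer-shop.de.          IN NS webhost.mw.schaefer-shop.de.
//   webhost.mw.schaefer-shop.de.  IN A  10.19.155.90
//
// external/schaefer-shop.de.zone: the same public records with no NS or A
// record under mw, so outside clients never receive the 10.19.155.90 glue.
```

The internal view matches only when internal resolvers query this server directly from the assumed prefix. Queries relayed through a third-party resolver arrive from that resolver's address and get the external view.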