I am attempting to set up an internal server authoritative for our domain
to resolve internal requests. Using some helpful advice offered previously
on this list, I am using a "forwarders" line on this internal server that
points to our firewall name server to resolve outside addresses for
internal hosts. This way internal hosts should be able to easily resolve
both internal and external addresses, but external hosts should be
restricted to the information contained on the external firewall name server.
This works perfectly well for every client that points to the internal server.
The problem occurs with the servers that are primary for our
subdomains and the clients that point to them. These subdomain servers
are receiving Internet root information from the internal server
causing long delays and time-outs.
How can I stop the Internet root information from being propagated to
these subdomain primaries and their secondaries? The firewall solution offered
in the Nutshell Bind book (making Internal server authoritative for .)
does not offer the flexibility of the above solution.
Any help would be greatly appreciated.