>I would suggest making the affected nameservers secondarys of the subdomains.
> .
> .
>This make for a strange named.boot file but since ns.hasp.com is authoritative
>for support.hasp.com it won't forward the request to the outside nameserver.
It also makes for some bizarre failure modes when secondary zones
expire. Plus, if you want to do reverse lookups, you have to
secondary all the in-addr.arpa domains as well. That doesn't
scale. We've been running that way for over a year at Octel. It works, but
I'm looking for alternatives.
>On Sep 20, 7:26pm, APOGEE_Communications_Firewalls_Interest_Group wrote:
>> Subject: Split DNS with subdomains
>> Hi,
>>
>> Suppose you have a firewall, suppose that you install a split DNS
>configuration
>> and suppose that you have subdomains...
>> Suppose someone in your domain wants to resolv a machine in the subdomain,
>> you think that the primary server will invoke the subdomain's
>nameserver,right ?
>> No...it will forward to the outside because you told it to forward...even if
>> he really finds out that the good server was the subdomain's server...
>>
>> Now, suppose that this problem is mine...
>>
>> Please... help :'( ....
>>
>>
>> Jean-Francois
References:
|
|
