On 19-OCT-1994, I wrote:
>I am a newbie to DNS administration, so I apologize in advance if this is
>not the correct forum to ask this question, and implore you to point me to the
>appropriate place for this.
>I am building a doubly-screened subnet as follows :
>  Access                |      Choke            Internal
> Provider     Router    |      Router           Network
> |-----|     |_____|    |     |-----|          |------|
> |     |-----|     |----|-----|     |----------|      |
> |-----|     |-----|    |     |-----|          |------|
>                        |                       DNS
>                        |   |-----|             Domain
>                        |---|     |             "mynet.org"
>                        |   |-----|
>                        |   Bastion "xyz"
>                       DMZ  DNS
>                     Segment Domain
< rest of message deleted >
Many thanks to all who sent in their suggestions and ideas! Here is the
help I received on the subject of using multiple DNS sources on my internal
- By far, the most prevalent suggestion was to set up forwarders in the DNS
config files on the internal nameserver, foobar.mynet.org. This is
accomplished by adding the line
to named.boot on foobar. The end result of doing this is that queries
for data not on the internal net will get resolved by the bastion host,
which is ultimately a server for the Internet at large. There are some
other details, for which I would recommend _carefully_ reading the
forwarders section of the documentation for your vendor-of-choice.
- It was also suggested that in addition to the forwarders line, I add the
to foobar's named.boot after the forwarders entry. This makes the server
only make queries to forwarders, according to the documentation.
- It was also *strongly* suggested that the bastion be the primary
nameserver (not secondary as I had indicated) for the internal domain
mynet.org, so that I would control what is on that server. I took the hint.
So, after I set up forwarders and slave and got the bastion set up as
primary, it works great.
Thanks to everyone who wrote,
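As an added illustration (not from the original post or any of its respondents), here is what the internal server's BIND 4 named.boot could look like once the forwarders and slave lines described above are in place. It assumes the bastion "xyz" sits at 192.0.2.10 on the DMZ segment, that foobar pulls mynet.org as a secondary from the bastion, and that the zone file names are placeholders.

```conf
; /etc/named.boot on foobar.mynet.org (BIND 4 boot file)
; Added example only: addresses and file names are assumed, not taken from the post.
directory       /etc/namedb

; Zone data foobar answers for directly. Following the advice in the post,
; the bastion holds the primary copy of mynet.org, so foobar is a secondary
; that pulls the zone from the bastion's (assumed) DMZ address.
secondary       mynet.org               192.0.2.10      mynet.org.bak
primary         0.0.127.in-addr.arpa    localhost.rev

; Anything foobar cannot answer from its own zones is sent to the bastion,
; which in turn resolves it against the Internet at large.
forwarders      192.0.2.10

; "slave" stops foobar from ever contacting the Internet on its own when the
; forwarders fail to answer; the query simply fails instead. This is the
; property that lets the choke router deny DNS traffic from the internal net
; to everything except the bastion.
slave
```

When checking the setup, confirm from an internal host that a lookup for an external name succeeds while the choke router logs show DNS traffic only between foobar and the bastion.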