Firewalls: Split DNS and Subdomain Delegation

Firewalls
(January 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Split DNS and Subdomain Delegation
From:	Goetz von Escher <Goetz . von-Escher @ open . ch>
Date:	Wed, 4 Jan 95 16:09:16 +0100
To:	firewalls @ greatcircle . com

Folks,

Assuming that we run a split dns with an EXTERNAL server on the firewall,
an internal PARENT server with a forwarder statement to the firewall and
some SUBDOMAIN servers that have the real information.

When we ask the internal PARENT server about a host in a subdomain
the query fails! Due to the forwarder statement the PARENT server will
(after a look in its own database & cache) ask the EXTERNAL server and
promptly get the (wrong) answer: "no such host in this domain". He will
never ask the SUBDOMAIN servers!

    Conclusion: You cannot delegate domains in a split dns setup!

Now in a really decentralized company (where you cannot make the
PARENT server secondary of all the SUBDOMAIN servers) is there a
possibility to achieve split dns *and* subdomain delegation without
hacking bind?

---
Goetz von Escher                email:  Goetz .
 von-Escher @
 Open .
 CH
Open Systems AG                 voice:  +41 (61) 262-0505
Basel, Switzerland              FAX:    +41 (61) 262-0510

Follow-Ups:

Re: Split DNS and Subdomain Delegation
From: "Todd S. Aven" <avents @ btco . com>
Re: Split DNS and Subdomain Delegation
From: Bill Gaupp <wvg @ minnesota . emc . cdc . com>

Indexed By Date	Previous:	Email monitoring From: "Steve J. Sibert" <sibert @ vader . dsai . com>
Indexed By Date	Next:	Re: where can I find RFCs ? From: patrick @ oes . amdahl . com (Patrick Horgan)
Indexed By Thread	Previous:	Had gone offline but... From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Indexed By Thread	Next:	Re: Split DNS and Subdomain Delegation From: "Jim Littlefield" <little @ ragnarok . hks . com>