Split horizon

Started by lpther, March 22, 2005, 07:10:54 AM


lpther

Nictool seems pretty much what we need for the web management of our (future) tinydns/djbdns DNS servers.

We will need to manage tagged records (basically untagged records + one type of tagged record). This is to use with a dual DNS server approach (public/private) but with one record database to manage.

The private addresses would then be grep'ed out of the public database; with the tags in question, that would be the easiest approach.

I would like to know if the option is implemented, or if it is easy to implement, and a little hint on how to implement it ;)

Thanks in advance!

Lp

LogicX

You can easily specify which DNS servers a particular zone should use. Then each DNS server's exportation is handled separately. This would work out quite nicely for a private/public approach; and if you have any domains that need to be on both -- then just check off both the private and public DNS servers, and it will be exported to both.
--- May this post be indexed by spiders, and archived for all to see as my internet epitaph.
http://fpux.com

lpther

(Note that I am relatively new to DNS)

As I understand your approach, I could use a private server with all the records (union of public/private zones) and a public server with the public zone alone.

But I want the separation at the record level, included in a single zone.

Ex:

Be able to have one zone (example.net) and 2 DNS servers (nspriv/nspub auth for example.net) and be able to choose if a particular record would be exported for the public server.

Of course the DNS server assigned to hosts within the internal network will be nspriv, those outside will be nspub.
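The record-level split described in the posts above, sketched as an added example that is not part of the thread and not NicTool code: one master tinydns-data file is turned into an nspub and an nspriv record list, followed by a check that no RFC 1918 address is left in the public export. It assumes internal-only records are tagged with the value `pr` in the tinydns-data location field; that tag, the function names and the sample records are constructed for this example.

```python
import ipaddress

# Zero-based position of the location ("lo") field after the type character,
# following the tinydns-data line formats.
LO_INDEX = {"+": 4, "=": 4, "'": 4, "^": 4, "C": 4,
            ".": 5, "&": 5, ":": 5, "@": 6, "Z": 10}
ADDRESS_TYPES = "+=.&@"  # record types whose second field is an IPv4 address
PRIVATE_TAG = "pr"       # assumed tag for internal-only records
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_horizon(master_lines, tag=PRIVATE_TAG):
    """Return (public, private) record lists built from one master file."""
    public, private = [], []
    for line in master_lines:
        idx = LO_INDEX.get(line[:1])
        fields = line[1:].split(":")
        if idx is not None and len(fields) > idx and fields[idx] == tag:
            # Internal-only: omit from nspub, serve untagged from nspriv.
            private.append(line[0] + ":".join(fields[:idx]).rstrip(":"))
        else:
            public.append(line)
            private.append(line)
    return public, private

def leaked_private_addresses(public_lines):
    """Return public records that still expose an RFC 1918 address."""
    leaks = []
    for line in public_lines:
        fields = line[1:].split(":")
        if line[:1] in ADDRESS_TYPES and len(fields) > 1 and fields[1]:
            try:
                addr = ipaddress.ip_address(fields[1])
            except ValueError:
                continue  # not an IP literal; nothing to check
            if any(addr in net for net in RFC1918):
                leaks.append(line)
    return leaks

# Constructed sample data; the printer record is deliberately left untagged.
MASTER = ["# constructed sample for example.net",
          ".example.net:192.0.2.1:a:259200",
          "+www.example.net:192.0.2.10:86400",
          "+db.example.net:10.0.0.5:86400::pr",
          "=intranet.example.net:10.0.0.20:86400::pr",
          "+printer.example.net:192.168.1.9:86400",
          "@example.net:192.0.2.25:a::86400"]
PUBLIC, PRIVATE = split_horizon(MASTER)
```

Running `leaked_private_addresses(PUBLIC)` before the public data file is compiled flags the untagged printer record, the kind of slip that a tag-only filter would otherwise publish.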

etherealnet

Why the hell would you want to do that? What's the point? If you are trying to hijack public domains and serve different records internally, simply set up a separate group of DNS servers for your internal network. It will be much easier than whatever weirdness you are trying to do.

LogicX

?
His question, and the solution presented are separate DNS servers.  They would be managed through one interface and user privilege system: nictool
--- May this post be indexed by spiders, and archived for all to see as my internet epitaph.
http://fpux.com

matt

I am fully aware and understand the usefulness of split-horizon DNS.  I too think it would be a cool feature to add to NicTool.  However, unless you or someone else is offering to pay to have the feature added, or contributes the code yourself, it won't be happening any time soon.

There are plenty of more important functions to be added to NicTool first, like an installation framework that walks you through installing the software.  That's FAR more important to NicTool's viability to the average sysadmin than split horizon DNS.