[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Beginner's questions (DNS stuff)

From: Thomas Harold <tgh_at_tgharold.com>
Date: 2007-05-31 23:59:24 CEST

Ryan Schmidt wrote:
> On May 29, 2007, at 23:02, Thomas Harold wrote:
>>
>> (blink)
>>
>> Wait, I can setup a CNAME on a DNS server for a domain that I'm not
>> authoritative for? How's that work? You've hit upon something
>> that I've been meaning to fix for a while for our users.
>>
>> (snip)
>
> Ok, I admit I haven't tried this setup myself. The setup I have
> myself experienced involved a domain that we did own. Our public/DMZ
> server at the office was the primary DNS server for the domain, and
> it was (somehow -- don't ask me how -- I didn't do the DNS
> administration) set up so that within our intranet, when we asked for
> www.example.com, it would deliver the server's internal IP address,
> but when someone from out on the Internet requested that same name,
> it would deliver its public IP address. End result: it "just worked"
> no matter where you were.

That sounds like BIND "views", which requires that you are the SOA for
the domain. Basically you make a DMZ server at the office the primary
NS for the domain. Queries that come in via the external interface get
answered with a public routable IP address while queries that come from
the private IP address domain get answered with the private IP address.

i.e. svn.example.com resolves as 1.2.3.4 for queries from outside, but
resolves as 192.168.3.4 for queries on the internal network.

We may go that route. It would require us setting up BIND as
authoritative for our domains and letting DNSMadeEasy XFER them up to
their servers. (a.k.a. a "hidden primary" setup)

> I assume you could do this with any domain, even those you don't own.
> For those you don't own, obviously nobody else will be asking your
> DNS server about that domain. However, machines on your network will,
> since those machines are configured to ask your DNS server for all
> domains anyway.

Yes, that's what I was hoping as well. It seems like it ought to be
possible, I'm just not sure how to do it in BIND9. It's probably either
"stub" zones or "forwarding" zones.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jun 1 00:27:25 2007

This is an archived mail posted to the Subversion Users mailing list.