Home DNS Design
While not quite split-DNS, I have decided to use two separate DNS servers for internal versus external queries. This is considered best practice by many and makes DNS a lot easier to manage. Of course, this was all made possible by the fact I moved my old tunnel broker service with go6.net to he.net (www.tunnelbroker.net) and as a result the tunnel was moved from one of the Xen DOMUs to the Juniper Netscreen.
The idea to do this came about after I moved my IPv6 6in4 tunnel from the smallest Xen DOMU to my Juniper Netscreen after getting it upgraded to 6.2r1, which provided the added support of IPv6 to the appliance. So I'm thinking, what can I do with this 64M DOMU (mouse) running NetBSD 4.0.1? Well, I was having a headache of a time trying to manage my two domains (fourings.com & i.fourings.com) off one DNS server. On top of that, this DNS server did not have a leg in the DMZ but rather in the internal 'trust' network zone (ScreenOS speak). So then I realized I should separate the two DNSs and put the external fourings.com zone on mouse and place his interface in the DMZ. This was easy and the perfect solution. I've taken the time to detail this configuration under the Tech section in the document Internal/External DNS.

