Hello... Dan Lockwood wrote:
Everyone,
I have a customer that is multihomed, to a public ISP and to another large network that uses 10.0.0.0 address space. The private address
The other large network is, IMHO, broken for doing this. The address space is no longer 'private'.
space also has services available via public address space and consequently is running a split DNS service, public and private. Because of firewalls and the placement of DNS servers this customer has a nasty routing situation and in order to make DNS work for the private numbers, has spoofed the domain of the private network. My question is
Have you thought about DNS 'forwarding' ? something like this in your DNS server: zone "broken.company" { type forward; forwarders { 10.0.0.1; 10.0.0.2; // first using private address space publicly // then not even putting DNS on seperate networks // lamers }; }; instead of running their zone locally?
this: are there any documents or RFCs that outline what is an acceptable practice for running DNS and what is not? Their kluge of a network
IMHO, this is a broken network issue not really a DNS issue.
causes continuous problems for both the upstream ISP and the private network to which they are connecting and we may find ourselves in a situation where we have to say that 'xyz' is an acceptable way of operating and 'abc' is not. Any advice is appreciated. Thanks!
Dan Lockwood
And please don't post in HTML. -- Christopher McCrory "The guy that keeps the servers running" chrismcc@pricegrabber.com http://www.pricegrabber.com Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works.