Kevin Darcy wrote:
> Slave the 10.in-addr.arpa subzones on your "external" servers and ensure > -- as you should already be doing -- that only your own > clients/resolvers see the RFC 1918 stuff. The rest of us shouldn't and > don't want to see your RFC 1918 dirty laundry. Done, and of course you can't see it. What good would it do you anyway? > As for your *internal* DNS, you can if you wish delegate 10.in-addr.arpa > directly from your internal root zone or delegate twice, from root to > in-addr.arpa, and then again to 10.in-addr.arpa. If you _have_ an > internal root zone, that is: it's not clear from your post whether you > have one or not. Well, no, it's not set up as root if you mean zone "." It's just another zone on the server. And if I do a dig +trace, it doesn't work of course (the root servers have no idea what I'm smoking when I ask). I've not seen an example of how we'd do that. -- Peter Laws / N5UWY National Weather Center / Network Operations Center University of Oklahoma Information Technology [EMAIL PROTECTED] ----------------------------------------------------------------------- Feedback? Contact my director, Craig Cochell, [EMAIL PROTECTED] Thank you!
