Have you considered making your internal DNS servers unpublished secondaries for the external domain data? Just because the external primary DNS server is configured to allow an internal server to do domain transfers does not mean that internal server's identity has to be published in external domain NS records.
That way, only the external primary server authoritatively defines the external records, but the internal servers can authoritatively deliver those records as secondaries. Of course, this only works if the internal and external data records are clearly separated in different subdomains or zones. Andrew Pavlin Powered by Cricket Wireless Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: bind-users <bind-users-boun...@lists.isc.org> on behalf of Nick Howitt via bind-users <bind-users@lists.isc.org> Sent: Friday, November 3, 2023 1:58:51 PM To: bind-users@lists.isc.org <bind-users@lists.isc.org> Subject: Re: How should I configure internal and external DNS servers On 03/11/2023 17:54, Marco M. wrote: Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users: My problem is the use of external IP's duplicated between the internal and external masters for some IPs/FQDNs which I want to get rid of. Implement IPv6 and get rid of the old IPv4 technology for internal communication. It is a big task, but after it is being done, many nasty stuff is gone like NAT hairpinning or split-DNS. Not remotely on the cards with 200+ servers and so on, I'm afraid. Some of the servers are too old, I think for IPv6 - SLES 11. Really I am looking to see if it is possible to turn the internal DNS server, bind-internal, into a caching server and help with how to do it. Or not to do it if it is a bad idea.
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
