[Techtalk] bind question
Chris Wilson
chris+linuxchix at aptivate.org
Fri Jan 29 10:16:39 UTC 2010
Hi Maria,
On Fri, 29 Jan 2010, Maria McKinley wrote:
> > If reverse mapping is really important to you, don't use split
> > horizon. You will never get 100% reliable results. Use an internal
> > hostname to map to an internal IP, and use the "search" option in
> > /etc/resolv.conf to search the internal domain instead of the external
> > one.
> >
>
> Hmm, not sure how I feel about this strategy. It would mean changing a
> hell of a lot of configs on a whole lot of machines.
resolv.conf should be set by DHCP on all machines, so you can supply the
search setting by configuring your DHCP server.
> Not to mention having to get a bunch of people used to the concept of
> using different hostnames depending on where they are.
DNS caches will mess you up when people move hosts from inside to outside
the network (think jumping on a 3G or someone else's wireless connection,
or one outside of your DMZ).
> Have to think about that. Might prefer to remake the /etc/hosts file for
> all the machines that this is important for, although that is hardly
> ideal either...
Might work too. You can use rdist etc. to distribute /etc/hosts
automatically. But still a problem for machines which change networks, and
still means conflicting DNS databases which is a bad idea imho (leads to
infinite confusion).
You could always NAT your public IPs back to private ones for internal
users at your firewall, so people can still ping/ssh sarah.shadlen.org
(using its public IP) on the internal network and it will just work (tm).
Cheers, Chris.
--
Aptivate | http://www.aptivate.org | Phone: +44 1223 760887
The Humanitarian Centre, Fenner's, Gresham Road, Cambridge CB1 2ES
Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.
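An added example, not part of the original message: a small Python check for the two problems the reply describes in split-horizon setups, names that resolve differently per view and reverse mappings that do not confirm forward. The zone data, the addresses and the names other than sarah.shadlen.org are constructed placeholders.

```python
import ipaddress

# Constructed sample data: two views of one zone, as a split-horizon setup
# would serve them. Addresses and the files/nas names are placeholders.
INTERNAL = {
    "A": {"sarah.shadlen.org": "192.168.1.10", "files.shadlen.org": "192.168.1.20"},
    "PTR": {"192.168.1.10": "sarah.shadlen.org", "192.168.1.20": "nas.shadlen.org"},
}
EXTERNAL = {
    "A": {"sarah.shadlen.org": "203.0.113.10"},
    "PTR": {"203.0.113.10": "sarah.shadlen.org"},
}

def view_conflicts(internal, external):
    """Names that resolve to different addresses depending on the view."""
    shared = internal["A"].keys() & external["A"].keys()
    return sorted(
        (name, internal["A"][name], external["A"][name])
        for name in shared
        if internal["A"][name] != external["A"][name]
    )

def unconfirmed_ptrs(view):
    """PTR records whose name does not map forward to the same address."""
    bad = []
    for addr, name in view["PTR"].items():
        forward = view["A"].get(name)
        if forward is None or ipaddress.ip_address(forward) != ipaddress.ip_address(addr):
            bad.append((addr, name, forward))
    return sorted(bad)

def stale_cache_risk(internal, external):
    """Conflicting names whose internal answer is a private address: a client
    that cached it and then left the network can no longer reach the host."""
    return [name for name, inside, _ in view_conflicts(internal, external)
            if ipaddress.ip_address(inside).is_private]

if __name__ == "__main__":
    for name, inside, outside in view_conflicts(INTERNAL, EXTERNAL):
        print(f"view conflict: {name} internal={inside} external={outside}")
    for label, view in (("internal", INTERNAL), ("external", EXTERNAL)):
        for addr, name, forward in unconfirmed_ptrs(view):
            print(f"{label}: PTR {addr} -> {name}, but A({name}) = {forward}")
    print("stale-cache risk:", stale_cache_risk(INTERNAL, EXTERNAL))
```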