I know you said that you don't want to put nameservers at each spoke site and don't want to pass DNS traffic over the T1s, but I'm guessing that you actually don't want to manage independent nameservers at each site and that you might not mind passing the occasional *internal* zone transfer over the T1s. If that's not the case, maybe you can elaborate on the reasons you don't want to do either of these.

Anyway, have you considered doing something like this:

- Put a primary nameserver at your hub site.
- Put caching secondary nameservers at each spoke office.
- Sign up for a secondary hosting service (this is cheap, probably less than $50/year).
- Only list the hosted nameservers in your domain record and in the zone data NS records (a "hidden primary" setup).
- Point the user PCs at each spoke office to the nameserver at that office.
- Only allow zone transfers from your hosted nameservers to your primary, while the spoke office secondaries do zone transfers over the T1s.
- Use BIND views (BIND 8 or 9), subdomains, or alternate domains to restrict the DNS information on internal IPs to your private network.

Benefits:

- You're not resolving DNS queries from the outside through your Internet connection.
- The spoke offices get fast, reliable DNS resolution for both internal (authoritative) as well as external IPs (cached), even if a connection is down.
- External queries are handled (by the hosted nameservers) even if one of your ISP connections is down. Especially good if your website and/or email is hosted outside of your network.
- DNS changes only have to be made on the primary, and will propagate to all of the secondaries.
- You're only publishing public IPs (publishing private IPs is usually frowned on, see http://www.menandmice.com/9000/9320_DNS_Corner_Q&A/93_Q&A_001.html [Cricket Liu wrote the O'Reilly DNS books and does the Q&A]).
- Your internal IPs aren't available via DNS to the outside world.

Just a thought.

Mark Robinson
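An added illustration, not part of Mark's message or the list thread: the hidden-primary layout he describes, written out as BIND 9 named.conf fragments for the hub and for one spoke office. The zone name, addresses, ACL names and file paths are assumptions.

```conf
// ---- Hub (New Orleans): hidden primary, BIND 9 named.conf ----
// Hypothetical values: example.com = company zone, 192.0.2.10/.11 = hosted
// secondaries, 10.0.0.0/8 = private WAN, 10.1.0.53/10.2.0.53 = spoke secondaries.
acl "internal"           { 10.0.0.0/8; localhost; };
acl "hosted-secondaries" { 192.0.2.10; 192.0.2.11; };
acl "spoke-secondaries"  { 10.1.0.53; 10.2.0.53; };
options {
    directory "/var/named";
    recursion no;                   // authoritative only; never a public resolver
    allow-transfer { none; };       // zones below open this up selectively
    notify yes;
};
// Internal view: private addresses, answered only to the WAN and transferred
// only to the spoke secondaries (the occasional internal transfer over the T1).
view "internal" {
    match-clients { internal; };
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
        allow-transfer { spoke-secondaries; };
        also-notify { 10.1.0.53; 10.2.0.53; };
    };
};
// External view: public addresses only. Its NS records name just the hosted
// servers, so the Internet never queries this box directly.
view "external" {
    match-clients { any; };
    zone "example.com" {
        type master;
        file "external/example.com.zone";
        allow-transfer { hosted-secondaries; };
        also-notify { 192.0.2.10; 192.0.2.11; };
    };
};

// ---- Spoke office: caching secondary (a separate server and named.conf) ----
options {
    directory "/var/named";
    recursion yes;                               // cache Internet lookups locally
    allow-query     { 10.0.0.0/8; localhost; };  // office PCs only
    allow-recursion { 10.0.0.0/8; localhost; };
    allow-transfer  { none; };
};
zone "." { type hint; file "named.ca"; };        // root hints for external names
zone "example.com" {
    type slave;
    masters { 10.0.0.53; };            // hub primary's WAN address (hypothetical)
    file "slaves/example.com.zone";    // keeps answering from disk if the T1 is down
};
```

Because the spoke server's transfer requests arrive from a 10.x address they match the internal view and pull the private zone, while the hosted secondaries only ever see the external view.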
-----Original Message-----
From: owner-nolug@redfishnetworks.com [mailto:owner-nolug@redfishnetworks.com] On Behalf Of John Kosta
Sent: Thursday, February 02, 2006 1:50 PM
To: nolug@nolug.org
Subject: [Nolug] company dns on internet / not linux but...
Guys and Gals,

How would you tackle this?

Hub office = New Orleans
Spoke offices = all over the place

Remote offices connect to New Orleans via Point to Point T1s, and have internet backup.

I don't want to put DNS servers in the remote offices, and I don't want to pass DNS traffic over the T1s. If the T1s go down, I want my users to access the New Orleans hub via the internet.

Do you know of/can you recommend/is this a horrible/good idea?: Is there a DNS company/service that will allow me to export my DNS settings from the New Orleans hub to the internet, that I can point all my clients to, that will have both my company-specific DNS answers and world-wide DNS answers?

So, I set all clients to get their DNS answers from:
ns1.someisp.com

They want yahoo, they get yahoo's public IP address.
They ask for privatemailserver.atmycomany.com, they get the private internal ip address.

How do other people handle this type of situation?

Thanks for any advice.

--John
___________________
Nolug mailing list
nolug@nolug.org
Received on 02/02/06
This archive was generated by hypermail 2.2.0 : 12/19/08 EST