hi, i'm mark the new guy to the nolug. i saw this thread and thought i might ask a question. john, are you running a windows domain? i'm asking because your subject says 'not linux'. and if so, is it active directory with distributed domain controllers?
thanks,
mark
John Kosta <johnkosta@earthlink.net> wrote:
Mark D Robinson wrote:
> I know you said that you don't want to put nameservers at
>
> each spoke site and don't want to pass DNS traffic over the
>
> T1s, but I'm guessing that you actually don't want to
>
> manage independent nameservers at each site and that you
>
> might not mind passing the occasional *internal* zone
>
> transfer over the T1s. If that's not the case, maybe you
>
> can elaborate on the reasons you don't want to do either of
>
> these.
I just don't want to add to the number of computers I have to worry
about on a daily basis (especially since most of these offices have 3 or
so people in them). That is why I was hoping there was a service or
something I could use where the actual DNS hardware would be someone
else's problem. I would just have to make sure that I get the
information out of my DNS system and into theirs -- then point all my
offices at that internet accessible DNS server.
I see what you are saying below, and it would work really well - I just
need to see if there is a way to do it without the extra computers.
Thank you for your help.
--John
>
> Anyway, have you considered doing something like this:
>
> Put a primary nameserver at your hub site.
> Put caching secondary nameservers at each spoke office.
> Sign up for a secondary hosting service (this is cheap,
>
> probably less than $50/year).
> Only list the hosted nameservers in your domain record and
>
> in the zone data NS records (a "hidden primary" setup).
> Point the user PCs at each spoke office to the nameserver
>
> at that office.
> Only allow zone transfers from your hosted nameservers to
>
> your primary, while the spoke office secondaries do zone
>
> transfers over the T1s.
> Use BIND views (BIND 8 or 9), subdomains, or alternate
>
> domains to restrict the DNS information on internal IPs to
>
> your private network.
>
> Benefits:
>
> You're not resolving DNS queries from the outside through
>
> your Internet connection.
> The spoke offices get fast, reliable DNS resolution for
>
> both internal (authoritative) as well as external IPs
>
> (cached), even if a connection is down.
> External queries are handled (by the hosted nameservers)
>
> even if one your ISP connections is down. Especially good
>
> if your website and/or email is hosted outside of your
>
> network.
> DNS changes only have to be made on the primary, and will
>
> propagate to all of the secondaries.
> You're only publishing public IPs (Publishing private IPs
>
> is usually frowned on, see
>
> http://www.menandmice.com/9000/9320_DNS_Corner_Q&A/93_Q&A_0
>
> 01.html [Cricket Liu wrote the O'Reilly DNS books and does
>
> the Q&A]).
> Your internal IPs aren't available via DNS to the outside
>
> world.
>
> Just a thought.
>
> Mark Robinson
>
>
>
___________________
Nolug mailing list
nolug@nolug.org
---------------------------------
Yahoo! Mail
Use Photomail to share photos without annoying attachments.
___________________
Nolug mailing list
nolug@nolug.org
Received on 02/09/06
This archive was generated by hypermail 2.2.0 : 12/19/08 EST