nanog mailing list archives

Re: DNS/Routing advice


From: Christopher McCrory <chrismcc () pricegrabber com>
Date: Wed, 11 Sep 2002 13:13:53 -0700


Hello...


Dan Lockwood wrote:
> Everyone,
> I have a customer that is multihomed, to a public ISP and to another large network that uses 10.0.0.0 address space. The private address

The other large network is, IMHO, broken for doing this. The address space is no longer 'private'.


> space also has services available via public address space and consequently is running a split DNS service, public and private. Because of firewalls and the placement of DNS servers this customer has a nasty routing situation and in order to make DNS work for the private numbers, has spoofed the domain of the private network. My question is

Have you thought about DNS 'forwarding'?

something like this in your DNS server:

zone "broken.company" {
        type forward;
        forwarders {
                10.0.0.1;
                10.0.0.2;
// first using private address space publicly
// then not even putting DNS on separate networks
// lamers
        };
};

instead of running their zone locally?



> this: are there any documents or RFCs that outline what is an acceptable practice for running DNS and what is not? Their kluge of a network

IMHO, this is a broken network issue not really a DNS issue.

> causes continuous problems for both the upstream ISP and the private network to which they are connecting and we may find ourselves in a situation where we have to say that 'xyz' is an acceptable way of operating and 'abc' is not. Any advice is appreciated. Thanks! Dan Lockwood



And please don't post in HTML.

--
Christopher McCrory
 "The guy that keeps the servers running"

chrismcc () pricegrabber com
 http://www.pricegrabber.com

Let's face it, there's no Hollow Earth, no robots, and
no 'mute rays.' And even if there were, waxed paper is
no defense.  I tried it.  Only tinfoil works.
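
The forwarding suggestion in the message above, set beside the locally served ("spoofed") zone it would replace. This is an added example, not part of the original post; the zone file name, the `forward only;` lines and the reverse zone are assumptions added here for BIND 9.

```conf
// Added illustration, not from the original message.
// Before: the customer's resolver "spoofs" the private network's domain by
// serving its own copy of the zone. The file name is hypothetical.
//
// zone "broken.company" {
//         type master;
//         file "db.broken.company";   // hand-kept copy, drifts from the real zone
// };

// After: the suggestion in the message. Queries for the domain are handed
// to the private network's own servers (addresses as given in the message).
zone "broken.company" {
        type forward;
        forward only;           // assumption added here: never fall back to
                                // public resolution, which would reach the
                                // public side of the split DNS
        forwarders {
                10.0.0.1;
                10.0.0.2;
        };
};

// Assumption added here: reverse lookups for the 10.0.0.0 space go the same way.
zone "10.in-addr.arpa" {
        type forward;
        forward only;
        forwarders {
                10.0.0.1;
                10.0.0.2;
        };
};
```

Without `forward only;` BIND's default is to try the forwarders first and then resolve the name itself, so an unreachable forwarder would send queries for the private names out to the public Internet.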

