-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 09.08.2015 um 06:58 schrieb Josh Kuo: > Add www.mydomain.co.nz to your internal zone, that is one common > way to deal with it. With BIND you can keep the common records in a > separate file and use "include" statement to avoid double entry. > > > >> On Aug 9, 2015, at 12:50 AM, Dave Koelmeyer >> <dave.koelme...@davekoelmeyer.co.nz> wrote: >> >>> On 09/08/15 16:44, Dave Koelmeyer wrote: >>> >>> - lookups to www.mydomain.co.nz fail, where www.mydomain.com is >>> my public webserver defined in my domain registrar's zone file >> >> Correction: this should obviously read "lookups to >> www.mydomain.co.nz fail, where www.mydomain.co.nz is my public >> webserver defined in my domain registrar's zone file". >> >> >> -- Dave Koelmeyer http://blog.davekoelmeyer.co.nz GPG Key ID: >> 0x238BFF87 _______________________________________________ Please >> visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> bind-users mailing list bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users
Using the same domain with two seperate contents is just bad practice. And when you decide to use DNSSec sometime in the future it will leave your home network inoperable, because the trust delegations won't work anymore. You should use the zone mydomain.co.nz only for public internet hosts and create a subdomain for your homenetwork, e.g. home.mydomain.co.nz. If the hostnames at home don't need to be resolvable in the internet you don't even have to delegate the subdomain. Just create that zone on your home nameserver and make sure your entire home network uses this server as a resolver. That way your home clients will be able to lookup hosts in both zones while clients on the internet will only see the public zone. And concerning your "forward first" statement, you should change that to "forward only". If your ISPs resolvers can't find a hostname there's no need for your home-resolver to try again. It can just accept that the host is not resolvable and pass on the NXDOMAIN to the client. This will speed up you name resolution considerably. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJVxvVWAAoJECKEz6pWghImK7IP/A0/NShUls9cRKvAJIEHFuBY 9MEDHSBCG6+kj2xuEmkr6el5ciDR9gT8YYHchYGSsZOSL84B+fpmiCAaRdogCEzt MN/jGJivR9Xm902VvzAPzz0zRG0VkQA3C+iyW/VNaqzHIDWOi+iemx/sQR2dKbJb deeruvUZYOw95OOgXvOvsI7vmmKfoZ/RmLFyF4fj2zWRLK/1hzuA/GfkpxkXnnnR 2S2wVMKv2ewPQ8gyEpjEGJ2rSKhWVF/ybk1wDpDD4Kg4HgYuJ+uvxwb9vD34TNsV 2zbKNfnXv69jcHhtPacwbJsFdB8kFM2rXbrhBPZ5CeH+gQ2RDUNKJkeJTDM+Ziem DdPTr7SHxdJGXMGJQq+MTet2NQMsDwAtym0gDSl0fFxBRD9x4L+1azpqucwftEjf +Nl563AsoO7eCgE58w2tJMOtC/b8nGK3YvNOobM87jh/RhoDVQYsTET1iTCxff59 rZVLhyGMwwvC+dVD5OiB90506qDww7gzPmCD1EijDNXiYfYu/GMpIGK13ePcAjoU mzqCyYKaWbXW5fp86ndB6aaTa1PcrFw+WjeygNvF/nQg4JR7yqfA+1/xGPdG/IWy 45IEm1t/lRu7NNpHpw53rVOpNLmLbQLUPE/AbwULkFV6ghOrLsb907545euZkIp/ jZy3D+T7qXH65RwkPZuO =NHT5 -----END PGP SIGNATURE----- _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
