We are not able to push DNS updates to our ISP so we have to register
through a page on their site. Naturally, this takes a few days. Our
goal is to make it easier for us to create DNS entries in our DMZ DNS
so that we can use the entry internally only. Is there an easy way to
send the query on to the ISP if the domain.com entry isn't found in the
DMZ DNS?

Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln@xxxxxxx
417-447-7535

David Cary Hart wrote:

On Fri, 2004-12-17 at 15:14 -0600, Nathaniel Hall wrote:

Our DNS resolves domain.com. I have system1.domain.com correctly
resolving using the DMZ DNS. The ISP DNS also resolves
system1.domain.com for users outside the firewalls. In addition to
system1, system2.domain.com resolves on the ISP DNS from the outside.
If I am on the inside and try to resolve system2.domain.com, it doesn't
get resolved because it is not set up in the DMZ DNS. I want to be able
to resolve system2.domain.com by passing the query from the DMZ DNS to
the ISP DNS. I know it is confusing. If there are any questions, let me
know.

It's not confusing at all. I just wonder why. We use our ISP for domain
dns so that they provide a reverse email pointer. However, we run bind
(named) as a caching name server on the LAN. We have a tqmcube zone
defined so that clients can set up dns to, well, "dns," outgoing mail to
"smtp," a proxy to "squid," etc. There's no conflict. The advantage is
faster resolution on the WAN with simplicity on the LAN (no HOSTS
required).

________________________________________________________________________
Total Quality Management - A Commitment to Excellence
http://www.TQMcube.com