Date:      Mon, 6 Jan 2003 17:36:52 +0100
From:      Peter Much <pmc@citylink.dinoex.sub.org>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        Peter Much <pmc@citylink.dinoex.sub.org>, Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject:   Re: sendmail: how to get the named of FreeBSD4.7 standards compliant?
Message-ID:  <20030106173652.A495@disp.oper.dinoex.org>
In-Reply-To: <3E134659.78028611@mindspring.com>; from tlambert2@mindspring.com on Wed, Jan 01, 2003 at 11:49:45AM -0800
References:  <no.id> <20030101181330.C8233@disp.oper.dinoex.org> <3E134659.78028611@mindspring.com>

! > Background: This environment should be configured to use
! > an internet connection for internet-relevant things, but to
! > work flawlessly without such a connection as long as matters
! > do concern only systems within the LAN.
! 
! This is called a "split horizon DNS", and you need to run two
! DNS servers, one interior, and one exterior, both authoritative
! for your domain, in order for this to work.  The problem is that
! you are forwarding a request that should be local, and you are
! doing it because your local server does not pass the authority
! test for your local domain.

Well, I think I got it now. What I did not know was that any
nameserver installation is expected to always have some kind
of root nameserver accessible (either the real ones from the
internet, or elseways a local shortcut) in order to function
properly.
Failing this seems not to hurt as long as only hostnames and 
domains are resolved which actually do exist in the zone files.

But when sendmail (or the resolver) doesn't find an AAAA record 
for some FQDN, it next tries to resolve the short hostname - and
the local nameserver seems not to consider itself authoritative 
for an unqualified hostname (which would be indistinguishable from
a TLD, anyway).

! I have been told that BIND 9 can solve this problem with two
! different "views"; however, I do not believe it.  I wrote a
! BCP RFC for this, which ended up not getting published, as I
! did not push it on the promise that the views would solve the
! problem, and arrive much sooner than they did.  I believe it
! is still available from:
! 
! ftp://ftp.whistle.com/pub/terry/drafts/draft-lambert-dns-split-00.txt

Yes, this paints my configuration. 
And now I do not think that a "split horizon" configuration could
solve my problem at all. Because if it could tell me that my
unqualified hostname does not exist (without querying the outside),
then it would also tell me that FreeBSD.org does not exist...

So I see only three strategies:
1. Keep the internet connection available at any time.
2. Use the BrokenAAAA hack.
3. Configure IPv6 in the LAN.

regards,
Peter
