
Re: Selected host resolution over vpn: msg#00421

Subject: Re: Selected host resolution over vpn
>>>>> "Shawn" == Shawn Bierman <BiermanS@xxxxxxxxxxxxxxxxxxx> writes:

    Shawn> What must the client on the other end of the VPN do to
    Shawn> access the view I am hosting on my dns?  They have their
    Shawn> own DNS servers.  Would it be a forwarder statement or
    Shawn> must he use a view too?

A client on the VPN needs to know that queries for your name space
should be pointed at your servers which are providing split DNS for
that space into the VPN. One way of doing that is forwarding which is
exceptionally dumb and error-prone. It's best avoided. A better way
would be for the client's name servers to be slave servers for your
zones: they'd get the version that's visible to them in the view
you're presenting to the VPN. Another option would be to put name
servers on the VPN which provided the zones which each organisation on
the VPN chooses to make available to the others. Whatever approach
will work best for your environment depends on lots of factors you've
not disclosed, like the level of DNS clue in the organisations using
the VPN; prevailing security policies; etc, etc. [No, don't bother
telling us. If you want more detailed advice and recommendations, you
should hire an experienced DNS consultant.]

The clients don't need to use views. They may well want to implement
split DNS -- not necessarily using views -- so that they can keep you
away from all of their name space.
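
The slave-server arrangement described in the reply above, sketched as BIND 9 configuration. This is an added example, not part of the original post; the zone name, addresses, and file paths are constructed placeholders.

```conf
// ---- named.conf on the server hosting the view ----
acl vpn-peers        { 10.8.0.0/24; };   // constructed: addresses reachable over the VPN
acl peer-secondaries { 10.8.0.53; };     // constructed: the client's name server on the VPN

// Views are tried in order and the first match wins, so the VPN view
// must come before the catch-all view.
view "vpn" {
    match-clients { vpn-peers; };
    recursion no;
    zone "corp.example" {
        type master;
        file "vpn/corp.example.db";      // the version of the zone shown to the VPN
        // Only the client's name server may transfer this version.
        allow-transfer { peer-secondaries; };
        // Needed only if the client's server is not listed in the zone's NS records.
        also-notify { 10.8.0.53; };
    };
};

view "everyone-else" {
    match-clients { any; };
    recursion no;
    zone "corp.example" {
        type master;
        file "public/corp.example.db";
        allow-transfer { none; };
    };
};

// ---- named.conf on the client's name server (no views needed) ----
zone "corp.example" {
    type slave;
    masters { 10.8.0.1; };               // constructed: VPN address of the hosting server
    // Source the transfer from the VPN address so the request matches
    // the "vpn" view and not the catch-all one.
    transfer-source 10.8.0.53;
    file "slaves/corp.example.db";
};
```

The client's server receives whichever version of the zone the matching view serves, so a transfer that arrives from a non-VPN source address is refused by the catch-all view instead of falling back to the public data.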



