Question

BIND Forward Lookup Zones?

DNS, Bind

Our company is directly connect to a partner but have seperate LANs, DNS, etc. and are seperated by a firewall.
Our company NATs our addresses to them and they NAT their addresses to us.
Both companies access each others resources (intranet mainly).

They use one.com for resolution of our translated addresses in their private DNS.

We use two.com for everything on our network to resolve address on our LAN it is also our external domain name (two.com)

We also have one.com in our forward lookup zone to resolve their translated addresses.

We recently ran into an issue where some of our web apps need to use the FQDN xxx.two.com or they will fail.
Their people cannot connect to a lot of the web apps because they cannot resolve xxx.two.com because they use xxx.one.com.

They use BIND for their private DNS. Is it possible to add a forward lookup zone, two.com, in BIND to resolve our private addresses? If yes, will they be unable to resolve two.com public entries, like www, if they don't manually enter them into the two.com forward lookup zone or will BIND say "Hey, www.two.com is not in this forward lookup zone, let me check the public DNS server"? They claim they cannot add a forward lookup zone at all.

Hi Beecee,

I believe the best solution to your problem would be to make dns.one.com a slave DNS for two.com, and vice versa dns.two.com a slave DNS for one.com. Thus, any changes in any of your zones will propagate automatically to other one.

You don't give any details on NATting you make between the LANs but BIND happily supports separate internal/external "views", so any NAT setup could be handled with some imagination.

BR,

Petko