
DNS of peered networks

Status
Not open for further replies.

warmongr

MIS
Mar 17, 1999
214
US
Something I've been racking my brain on.

If I had two separate networks that I was trying to peer, each one with its own set of root DNS servers. As a test, could I add to my named.ca (or whichever) file an entry for the other network's root name servers, then do the same on the other side (ask their administrator to modify his named.ca file to add your root server)? Could I then send email back and forth, as each root server would look for the server authoritative for the domain in question and then find its MX record? In theory it sounds like it might work...

If I wanted to make this a permanent thing, do the top-level domains then make a new root server entry?


Your thoughts?
War...
 
To give you a little more, because as I read the link I provided, it talks about setting up between you and an ISP. Basically it is the same idea as what you described.
Let's say yourdomain.com wants to resolve computer names in mydomain.com.
When a client (computer1.yourdomain.com) requests to resolve PC5.mydomain.com, since your DNS does not host the mydomain.com zone, it will either check to see if a forwarder for that domain exists or it will use RootHints (on the Internet).

To Configure:
1. Go to properties of your DNS server -> Forwarders Tab.
2. Under DNS Domain: select New and add mydomain.com
3. Add the IP of mydomain.com DNS server in the "Select domain's forwarder IP address list:"

Do same procedure in other domain - if required.
 
Thanks and love the handle.

I think you've touched on the very question I asked. The issue you've described is a domain-to-domain solution on one monolithic network (say the Internet). Now what if there were 2 monolithic networks (say internet 1 and internet 2), each with their own root servers? In your example above, when it calls for RootHints to go to the root servers, the root servers are not going to know about internet 2's root servers. Therefore won't there need to be a new root server entry at the top-level domain so anyone on internet 1 can resolve anybody on internet 2 (and vice versa)?

War...
 
The root servers are known to everyone who is on the Internet. When I open my browser and point to the DNS request is going to the root server(s) for .com. So internet 1 & 2 use the same root servers; they are not managed by you or me.

I mentioned root hints as a step DNS takes to resolve names; I never meant it to be part of this solution. Sorry if I was not clear.

A couple of suggestions to set up name resolution between two disjointed domains:
- direct point-to-point WAN link (private network) between the two domains. Enter the IPs in the Forwarders section of DNS.

- establish a point-to-point connection using VPN over the Internet, again entering the IPs in Forwarders. Data encryption.
 
To clear up any confusion with regards to root servers. Yes, each domain running DNS has a root server(your private DNS namespace). On the Internet there are also root servers (.com, .net, .org, etc...). When I am talking about root server in the post above, I'm discussing the root servers on the Internet.

Hope that makes sense...
 
The term that you want when you discuss your own DNS is "authoritative servers". As Kenny said, "root servers" are the global roots on the Internet, the "." namespace.

The "forward" zone is what you want. It depends on your implementation, but basically:

options {
    // Default: anything this server is not authoritative for goes to the ISP's resolver.
    forwarders { my.isp.address; };
};

zone "mydomain.com" {
    type master;
    file "mydomain.com.zone";
    forwarders {};   // empty list: answer our own zone locally, never forward it
};

zone "friendsdomain.com" {
    type forward;
    forwarders { friends.ip.address; };   // overrides the global list for this name space only
};

 
I agree with you both, but I think either I'm making this too hard or not explaining it very well. Let's say there is another network equally as huge as the Internet, although not currently connected to the Internet. Then say someone says, hey, let's peer the Internet with our internet. Each internet has its own set of global roots on its respective network. The root servers on one internet do not have any knowledge of the root servers on the other internet.

The example from lgarner works well if I am on, say, .cox.net forwarding to my friends at .whiskey.net (you can tell it's quitting time in VA). But what if there was a .net on each of the internets?

Does that make more sense?
N
 
Yes, there are a million ways to get something done...
You could create new zones, with the name space of the opposite DNS, within each DNS server. Then set up zone transfers so that the information is replicated. Then a host in ZoneA looking for a host in ZoneB would only have to query the DNS in ZoneA to resolve. Can this be done? Sure, it's done all the time.

But it really comes down to: is this the best solution for the environment, or are forwarders the best solution?

Someone has to make that call.

I choose to use forwarders between disjointed domains not only because it is easy to configure, but also because it is less overhead to manage.
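As an added illustration of the zone-transfer alternative described in the post above (this is not configuration from the thread), here is the BIND named.conf for one side, mydomain.com, which serves its own zone and keeps a read-only secondary copy of friendsdomain.com; the peer mirrors it. The IP addresses, key name, secret and file paths are placeholders, and the transfer is restricted to the peer and signed with a TSIG key so that nobody else can pull the zone.

```conf
// Shared TSIG key; the same key block goes in the peer's named.conf.
// Placeholder secret: generate a real one with tsig-keygen.
key "peer-xfer" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";
};

// Sign every request we send to the peer's server with that key.
server 198.51.100.20 {          // placeholder: ns1.friendsdomain.com
    keys { "peer-xfer"; };
};

zone "mydomain.com" {
    type master;
    file "mydomain.com.zone";
    // Only requests signed with the shared key may copy this zone;
    // an unsigned AXFR from anywhere else is refused.
    allow-transfer { key "peer-xfer"; };
    // Tell the peer to refresh as soon as the zone changes.
    also-notify { 198.51.100.20; };
};

zone "friendsdomain.com" {
    type slave;                 // "secondary" on newer BIND releases
    masters { 198.51.100.20; }; // placeholder: the peer's authoritative server
    file "slaves/friendsdomain.com.zone";
    allow-transfer { none; };   // do not re-export the peer's data to anyone
};
```

Queries for friendsdomain.com are then answered from the local copy, so no forwarder is involved and resolution keeps working even while the link to the peer is down.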
 