Split-DNS: why not usable as DNS-server for any other hosts on the network?

[john99]

Hallo,

Split dns: - Zimbra :: Wiki
->A Split DNS avoids this problem by providing an internal DNS server that can be used to resolve
->the internal address of the server. This guide will detail how to set up a very specific, single-host
->DNS server that can be installed on the Zimbra host itself so that it can resolve its own address.
->This should not be used for a multi-node Zimbra installation, and should not be used as the DNS
->server for any other hosts on your network.


Why such an internal Split_DNS server should not be used for any other host on the network?

Thank's a lot!

John

PS:
We intend to install the internal DNS-Server(probably TinyDNS) on the same server as Zimbra, but in a VMware wirtual machine.

[phoenix]

Quote:

Originally Posted by john99

Why such an internal Split_DNS server should not be used for any other host on the network?

As far as I know (but I'm not a DNS expert), there's no reason why you can't use it for other hosts. I have DNS set-up on my LAN to resolve the Zimbra IP and as the general DNS for the rest of the networked PCs. I had that for the 2+ years that Zimbra has been installed and I've had no problems.

[phoenix]

Ah, to my shame I've never checked the Split-DNS in detail as I've always used the DNS In a Nutshell thread as my reference. The reason it specifies that you don't use it for anything else is because the zone that's specified in the wiki article is purely for the Zimbra server - it specifies the FQDN of the server as the zone. For example, the wiki:

Code:

// We are the master server for server.example.com
zone "server.domain.com" {
    type master;
    file "db.server.example.com";
};

and the one I use (from the DNS in a Nutshell) for my domain:

Code:

zone "mydomain.com" {
	type master;
	file "/var/named/mydomain.com.hosts";
};

[dwmtractor]

I'm no DNS expert either, but can't the same DNS server host multiple zones? Of course it must. . .that's how all those big DNS servers "out there" do it. . .

I have my own simply set up for its own server and then have forwarders listed for all the other requests, but even that allows it to serve as the DNS server for that subnet.

But I don't see why you can't create more than one zone on your server.

[phoenix]

Quote:

Originally Posted by dwmtractor

But I don't see why you can't create more than one zone on your server.

You can, it's just the description (and warning) of the wiki article he was asking about. I was just pointing out what it was and why the warning, at least I thought I was.

[dwmtractor]

Quote:

Originally Posted by phoenix

You can, it's just the description (and warning) of the wiki article he was asking about. I was just pointing out what it was and why the warning, at least I thought I was.

I understand YOU, Bill, but I don't understand the prohibition in the wiki. Would it not be more factually correct to say "you can use this DNS for other servers, but don't be dumb and try to make yourself the master (i.e. authoritative) for them" instead of saying "don't go there at all?"

[phoenix]

The warning is only there because the DNS set-up is described in that article to answer one specific question - how to run a DNS server on the ZImbra server and ensure it can find itself. That's the only reason the warning is there, it could be changed to the same format as the DNS In a Nutshell thread and then the warning wouldn't apply.

[dwmtractor]

Quote:

Originally Posted by phoenix

The warning is only there because the DNS set-up is described in that article to answer one specific question - how to run a DNS server on the ZImbra server and ensure it can find itself. That's the only reason the warning is there, it could be changed to the same format as the DNS In a Nutshell thread and then the warning wouldn't apply.

So how about if we change it to read:

Quote:

Warning: These instructions are for setting up a DNS server for Zimbra's internal needs only. While there is no technical reason that you cannot use the same server for broader DNS needs, be sure you research the appropriate technical and security limitations before doing so.

As for the part about multi-node setups, I have no knowledge there at all and so don't know if that's still correct or also should be edited.

[phoenix]

I'd prefer to leave it as-is or change the format of the article to the DNS In A Nutshell thread, the warning is then superfluous.