9.1.3. Procedure – Setting up split-DNS configuration
Setting up a split DNS service is useful in networks where both external and internal name resolution is performed using the same DNS server – in this case the PNS firewall. Since hiding the internal namespace from external visitors is a basic security requirement, you have to set up the DNS service in a way that it does not resolve internal names for external resolvers. In other words, for all DNS zones stored on the server you have to specify which networks can query for records in the given zone.
Add the Text Editor component.
Select the template.
Two skeleton files are created, a named.conf and a named.conf.shared.
The named.conf.shared file holds records and configuration settings that are shared between external and internal name resolution operations, while named.conf has options to specify internal and external networks (internalips and externalips). These networks can then be referenced in db.domainname file(s) to specify which networks can have access to what records.
For more information on split-DNS configuration and DNS configuration in general, see Appendix B, Further readings.
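The separation described above, written as an added example with standard BIND 9 views; this is not the content of the PNS template files. The ACL names internalips and externalips are taken from the text, while the addresses, the example.com zone, the directory and the zone file names are constructed placeholders.

```conf
// Added example: split DNS with BIND 9 views (not the PNS skeleton files).
// All addresses, the zone name and the file names are constructed.

acl internalips {
    127.0.0.1;
    10.0.0.0/8;            // assumed internal network
};

acl externalips {
    !internalips;          // never treat an internal client as external
    any;
};

options {
    directory "/var/named";        // assumed zone file directory
    allow-transfer { none; };      // no zone transfers unless explicitly granted
};

// Views are evaluated in order; the first matching view answers the query.
view "internal" {
    match-clients { internalips; };
    recursion yes;                 // internal clients may resolve external names
    zone "example.com" {
        type master;
        file "db.example.com.internal";   // full record set, internal hosts included
    };
};

view "external" {
    match-clients { externalips; };
    recursion no;                  // authoritative answers only for outside resolvers
    zone "example.com" {
        type master;
        file "db.example.com.external";   // public records only
    };
};
```

Once any view is defined, BIND requires every zone statement to be inside a view. Run named-checkconf on the file, then query an internal-only name from a host in each network to confirm that the external view does not answer it.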
Copyright: © 2021 Balasys IT Security


