Firewall DNS

Jim Reid jim at mpn.cp.philips.com
Tue Aug 24 17:45:47 UTC 1999


>>>>> "Edward" == Brookhouse, Edward (CRTRES) <Edward.Brookhouse at concert.com> writes:

    Edward> What is the standard method of setting up DNS behind a firewall? 

There's no "standard method". How you implement DNS behind a firewall
depends on what the firewall is configured to allow. That in turn
should depend on your security policy. Some sites use split DNS. Some
use forwarding. Some use an internal root. Combinations of these are
also possible. [Sometimes, these combinations are unavoidable: an
internal root by itself is probably not very useful because nothing
would be able to resolve external names.] Other considerations are
whether your net is connected to other intranets or not and, if so,
how you connect to those nets (as well as how they connect to your
net).

Once you decide what traffic and access is permitted, what name space
visibilities are allowed or denied, etc, the DNS configuration to
support or enable that set-up should pretty much suggest itself.
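
One configuration that follows from a specific policy, as an added example that is not part of the original message: a BIND named.conf for an internal name server, combining forwarding with internal-only zones. It assumes a policy where only a bastion resolver may exchange DNS traffic with the Internet; the addresses, zone names and file names are placeholders.

```conf
// Added example: named.conf for an INTERNAL name server behind a firewall.
// Assumed policy: internal hosts may not send DNS queries to the Internet;
// only the bastion resolver (192.0.2.53, a placeholder address) may.

acl "internal" { 10.0.0.0/8; 127.0.0.1; };   // placeholder internal ranges

options {
    directory "/var/named";

    // Anything this server cannot answer itself goes to the bastion.
    forwarders { 192.0.2.53; };

    // Never fall back to querying Internet servers directly, so the
    // firewall can drop outbound port 53 from every host but the bastion.
    forward only;

    // Internal name space is visible to internal clients only.
    allow-query { "internal"; };
    allow-transfer { none; };
};

// Internal-only zone: answered authoritatively from local data.
zone "corp.example" {
    type master;
    file "db.corp.example";

    // Empty list: delegated subdomains are resolved by following the
    // internal NS records instead of being sent to the bastion.
    forwarders { };
};

// Reverse mapping for the internal address range, also kept internal.
zone "10.in-addr.arpa" {
    type master;
    file "db.10";
    forwarders { };
};
```

With this in place the firewall rule set for DNS reduces to permitting port 53 between the bastion and the outside, plus port 53 from this server to the bastion.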

