split dns & cisco pix firewall
colm ennis
colm at gradient.ie
Fri Nov 12 14:48:41 UTC 1999
I currently have 2 bind processes living on one internal dns server. One process
serves our real namespace to internal hosts, the other serves a shadow namespace
to the internet. I was thinking of having just one bind process serving internal
and external requests. Cisco pix "alias"'s, "static"'s and "conduit"'s would provide
the internet with access to those hosts we want to expose. DNS requests replies
travelling out to the internet via the pix would have their result field rewritten
as mentioned in the "alias" command reference :
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v44/pix44cfg/pix44cmd.htm#xtocid266783
Is this feasable and/or recommended?
thanx,
colm ennis
More information about the bind-users
mailing list