Firewall DNS

Joseph S D Yao jsdy at cospo.osis.gov
Tue Aug 24 18:30:34 UTC 1999


> What is the standard method of setting up DNS behind a firewall? If my
> nameserver can not reach the root servers, it will hang....
> 
> I have read where you can set up a forwarding directive that will send
> requests to another nameserver that CAN reach the root servers. Is this the
> only way?

How you do this depends on the nature of your firewall.  Typically, a
good firewall will have a DNS proxy - which may be BIND itself.  The
internal name server does a forward / forward-only to the proxy running
on the firewall.  This then passes all requests out.  The firewall's
local DNS is very limited, and it resolves from the internal name
server.  You restrict queries to come from the inside.

You may also run, in parallel, a name server responding to the outside
but resolving only that small part of your name space that you don't
mind known outside.

--
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
      This message is not an official statement of COSPO policies.
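
Added example, not part of the original message: a named.conf sketch of the layout described in the reply above, with an internal forward-only server, a proxy on the firewall that answers only inside clients, and a parallel outside-facing server that holds just the public zone. All addresses, zone names and file names are constructed placeholders; each section is a separate named.conf for a separate named instance.

```conf
// ---- 1. Internal name server (assumed address 10.0.0.53) ----
options {
    directory "/var/named";
    forwarders { 10.0.0.1; };    // firewall's inside interface (assumed)
    forward only;                // never contact the root servers directly
};
zone "corp.example.com" {        // full internal name space (placeholder)
    type master;
    file "db.corp.example.com";
};

// ---- 2. DNS proxy on the firewall, inside interface ----
// The firewall host's own resolver (/etc/resolv.conf) would point at
// 10.0.0.53, so the firewall resolves names from the internal server.
acl inside { 10.0.0.0/8; };      // assumed internal address range
options {
    directory "/var/named";
    listen-on { 10.0.0.1; };     // inside interface only
    allow-query { inside; };     // restrict queries to come from the inside
    recursion yes;               // passes requests out to the Internet
};
zone "." {
    type hint;
    file "named.root";           // root hints; this server can reach the roots
};

// ---- 3. Parallel outside-facing server (separate instance or host) ----
options {
    directory "/var/named-public";
    listen-on { 192.0.2.53; };   // outside address (documentation range)
    recursion no;                // authoritative answers only
};
zone "example.com" {             // only the names you don't mind known outside
    type master;
    file "db.example.com.public";
};
```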

