(no subject)

Joseph S D Yao jsdy at cospo.osis.gov
Tue Dec 7 21:44:47 UTC 1999


On Sun, Dec 05, 1999 at 06:17:16PM -0700, Super News User wrote:
> From: "omegauturn" <omegauturn at hotmail.com>
> Newsgroups: alt.hipcrime.protocols.dns.bind,comp.os.ms-windows.networking.tcp-ip,comp.protocols.dns.bind,comp.protocols.tcp-ip,comp.protocols.tcp-ip.domains,microsoft.public.windowsnt.dns,microsoft.public.windowsnt.protocol.tcpip
> Subject: BEST DNS SETUP 
> Lines: 18
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
> Message-ID: <w8E24.452$5n2.59216 at news.goodnet.com>
> Date: Mon, 06 Dec 1999 01:17:16 GMT
> NNTP-Posting-Host: 209.141.97.184
> X-Complaints-To: abuse at winstar.net
> X-Trace: news.goodnet.com 944443036 209.141.97.184 (Sun, 05 Dec 1999 18:17:16 MST)
> NNTP-Posting-Date: Sun, 05 Dec 1999 18:17:16 MST
> Organization: WinStar GoodNet, Inc.
> 
> I have a question about DNS and what's the best way to set one or two
> up?....
> 
> First, here's a brief description of our network:
> 1. Our internal network needs to browse the internet and send email to the
> internet
> 2.  External users or the internet need to get to our web site and also be
> able to send email to us.
>      The website is sitting in DMZ and the email Server is sitting on the
> internal network
> 
> What's the best way to set up DNS in this situation...
> 
> Thanks
> Tony
> omegauturn at hotmail.com

You need a split DNS setup, as you yourself described in your previous
posting.  You need to have one internal and one external DNS server.  It
could be the same or different servers.  There are a lot of ways to do
it: if you don't have local expertise, you can certainly get some local
security experts to come help you.

Possibilities:
	remote external DNS		separate internal DNS server
					forwarding to DNS proxy [named]
					on the firewall

	remote external DNS		internal DNS server on your
					firewall [of which your SCO
					machine is a part - hope it's
					secured!]

	external DNS on your SCO	separate internal DNS server
					forwarding to DNS proxy [named]
					on the firewall - which may be
					the same as the external DNS
					server

	external DNS on your SCO	internal DNS server on your
					firewall [of which your SCO
					machine is a part - hope it's
					secured!] running separately
					from the external DNS process.

This last is your true "split DNS".

Note I haven't spoken of what system is best.  My personal preference
would be some kind of Unix system; and the commodity these days would be
some kind of Intel PC Unix - BSD/OS, FreeBSD [the BIND base system],
Linux, SCO Unix, Solaris, Interactive Unix.  Or, better & stronger &
faster, an Alpha PC running Linux or Compaq Tru64 Unix.  I would not use
MSW-NT as part of any security infrastructure.  IMHO, YMMV.

-- 
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
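
Added example, not part of the original message: a named.conf sketch of the "separate internal DNS server forwarding to DNS proxy [named] on the firewall" arrangement listed above, beside an external authoritative server. The domain example.com, every address, and the file paths are placeholder assumptions.

```conf
// Constructed example: every name, address and path below is a placeholder.

// ---- internal server (assumed 10.0.0.53): named.conf ----
acl "inside" { 10.0.0.0/8; 127.0.0.1; };

options {
    directory "/var/named";
    allow-query { "inside"; };      // answer internal clients only
    allow-transfer { none; };       // no zone transfers of the internal data
    forward only;                   // never query Internet servers directly
    forwarders { 10.0.0.1; };       // the DNS proxy [named] on the firewall
};

// Internal copy of the zone: all hosts, private addresses,
// including the internal mail server.
zone "example.com" {
    type master;
    file "internal/example.com.db";
};

// ---- external server (assumed 192.0.2.53): named.conf ----
options {
    directory "/var/named";
    recursion no;                   // authoritative only, no lookups for strangers
    allow-transfer { 192.0.2.54; }; // assumed secondary; nobody else
};

// External copy of the same zone: only what outsiders need,
// i.e. the DMZ web server and the MX for inbound mail.
zone "example.com" {
    type master;
    file "external/example.com.db";
};
```

The two zone files share a name but not their contents; that separation is what keeps internal host names and addresses out of answers given to the Internet.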

