alternate port / alternate way for master DNS zone xfers ?

Barry Margolin barmar at bbnplanet.com
Fri Oct 15 14:59:19 UTC 1999


In article <Pine.LNX.4.10.9910142325530.11783-100000 at ann.ied.com>,
Jan Vicherek  <honza at ied.com> wrote:
>On Thu, 14 Oct 1999, Joseph S D Yao wrote:
>
>> What is blocking DNS TCP?  Is it a firewall?  Is there a DNS proxy?  At
>> some level, this must be negotiable.
>
>  You mean these guys (the admins of the organization network) will
>actually talk to me ? Ha ha ha ... :) Not a chance. Whatever I'm trying to
>do is my business, and they won't do a thing to make me or break me. I'm
>totally of no interest to them. :-(

This makes no sense -- don't they work for the same people you do?  You've
been extremely vague -- what kind of organization is this, and what's your
relationship to it?  A firewall administrator is supposed to implement an
organization's security policy, to the extent that it's technically
feasible, not the other way around.

Either the firewall is properly implementing company policy, in which case
what you're trying to do is a violation of that policy and you should not
do it, or what you're doing is within company policy and the network
administrators are not doing their job when they refuse to adjust its
configuration to allow it.

You need to talk to the organization's security people and find out if
you're allowed to run a primary DNS on the network, with secondary servers
outside.  If you are, they should instruct the network administrators to
fix the firewall settings.  If you aren't, you shouldn't try to work around
the firewall's restrictions, since you would be violating policy no matter
how you implement it.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

