Dns and security ?!

Barry Margolin barmar at bbnplanet.com
Fri Sep 3 21:00:46 UTC 1999


In article <37D02BCD.35B4D987 at cgi.ca>,
Daniel Voyer <daniel.voyer at cgi.ca> wrote:
>BUT... if I test this security, I'm connected (dialup) to the Internet with
>my little ISP and doing an nslookup.
>First, I set server to the split DNS on the firewall.
>nslookup
>server splitdns.domain.ca
>After, I can set server with an internal IP address of one of the
>internal DNS
>server 172.20.50.30
>and it passes? I cannot do any zone transfer but I can have an internal
>server with a non-valid IP address.

Are you able to look up anything after doing that command?  The "server"
command doesn't try to do any communication with the server address you
give it, it just sets things up so that the next lookup you do will try to
ask that server.

Since your internal network uses RFC 1918 addresses, you should not be able
to communicate with it at all from another ISP.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
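
Added example, not part of the original post: a small Python check that does what the "server" command does not, namely send one real query to the address and report whether anything answered. The queried name example.com, the function names and the timeouts are assumptions made for this illustration; 172.20.50.30 is the address from the quoted message.

```python
import ipaddress
import socket
import struct

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr lies in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query: one question, class IN, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def probe(server, name, port=53, timeout=2.0):
    """Send one query over UDP and classify what came back.

    Selecting a server in nslookup sends nothing; only a lookup like
    this one shows whether the address is reachable from where you sit.
    """
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"
        except OSError:
            return "unreachable"
    # A real reply echoes our transaction id and has the QR bit set.
    if len(data) >= 12 and data[:2] == query[:2] and data[2] & 0x80:
        return "answered"
    return "bad-reply"

if __name__ == "__main__":
    addr = "172.20.50.30"  # internal server from the quoted message
    print(addr, "RFC 1918:", is_rfc1918(addr))
    print("probe result:", probe(addr, "example.com", timeout=1.0))
```

Run from outside the firewall, anything other than "timeout" or "unreachable" for an internal address means the query is being routed somewhere and deserves a closer look.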

