Split DNS, Firewalls, Forewarders, etc

dave.goldsmith at intelsat.int
Thu Feb 3 17:03:54 UTC 2000


If I do that, won't it make the internal DNS servers 'forwarders' only ...
thus meaning that a request from an internal client to the internal DNS server
for an internal name would get forwarded out to the external DNS server
(which does not have the information)?

Dave Goldsmith

-----Original Message-----
From: Barry Margolin [mailto:barmar at bbnplanet.com]
Sent: Friday, January 21, 2000 4:53 PM
To: comp-protocols-dns-bind at moderators.uu.net
Subject: Re: Split DNS, Firewalls, Forewarders, etc


In article <490B4C213EC8D211851F00105A29CA5ADD14C5 at admex1.adm.intelsat.int>,
 <dave.goldsmith at intelsat.int> wrote:
>We would like to have the internal DNS servers resolve queries for internal
>hosts for which they are authoritative and for other names external to the
>organization, the internal DNS servers should forward the request to the
>external DNS server in the DMZ.  That server should be the only one that
>sends DNS requests out to the Internet.
>
>Is this currently possible with any of the 8.2 versions or do we need to
>wait for 9.x which indicates much greater support for this type of
>configuration?  Also, we do NOT want to run a DNS server on the firewall
>itself.

This is possible with 8.2 (and even with 4.x).  Just configure:

options {
  forwarders { <address of DMZ server>; };
  forward only;
};

and configure your firewall to allow outbound DNS queries only to the DMZ
server.


-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the
group.
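
An added example, not part of either poster's message: a named.conf for one internal server in the setup discussed above, written in BIND 9 style syntax. The zone names, file names and the 192.0.2.53 forwarder address are constructed placeholders. named answers from the zones it is authoritative for and applies the forwarders only to names outside them.

```conf
// Constructed example for an internal server; all names and addresses
// below are placeholders, not values from the thread.
options {
    directory "/var/named";
    // Everything this server is not authoritative for goes to the DMZ server.
    forwarders { 192.0.2.53; };   // assumed address of the DMZ server
    // Never fall back to querying the Internet directly if the forwarder
    // does not answer.
    forward only;
};

// Internal zones are loaded locally, so queries for these names are answered
// from this server's own data and are not sent to the forwarder.
zone "corp.example" {
    type master;
    file "db.corp.example";
    // Needed only if corp.example delegates subdomains to other internal
    // servers: an empty list turns forwarding off below this zone so the
    // delegation is followed instead (assumes a BIND version that accepts
    // per-zone forwarders).
    forwarders { };
};

// Reverse zone for the internal address space, also served locally.
zone "10.in-addr.arpa" {
    type master;
    file "db.10";
};
```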
