Opinion wanted: DNS with firewall setup

Jozef Skvarcek jozef at photonfield.net
Wed Jan 17 03:01:36 UTC 2001


Hello,

I am planning to deploy the following DNS topology and I am interested in
the opinion of those who care. I want to put the master server for our
domains on the internal network, then a couple of slaves in the DMZ. The
master and another internal slave will forward recursive queries
from internal clients to the slaves in the DMZ. Then I want to set up
a few external non-recursive slave servers that will be publicly
authoritative for our zones. The external servers will have to transfer
the zone files from the DMZ slaves. Will the latter work?

I don't want to place the external servers into the DMZ in order to
save some resources on the firewall; the external servers will be placed
behind a hardware packet filtering device anyway. We have some dynamic
zones too; therefore, I do not want to place the master into the DMZ
(again, trying to save firewall resources).

Is it worth setting up DNSSEC these days? I.e., would someone out there on
the web be able to take advantage of it? I successfully installed DNSSEC
in the lab; however, I haven't tried to contact the DNS admin of our parent
zone (.com) in order to get my keys signed. Does anyone have any
experience with that?

Thanks,

Jozef
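
The three tiers described in the message above, sketched as BIND named.conf fragments. This is an added example, not configuration from the original post; the zone name example.com, the file names and every address (RFC 1918 and RFC 5737 ranges) are constructed placeholders.

```conf
// ---- Internal master (placeholder 192.168.1.10) ----
options {
    forward only;                              // recursive lookups go to the DMZ slaves
    forwarders { 192.0.2.53; 192.0.2.54; };
    allow-transfer { none; };                  // deny by default, open per zone
};
zone "example.com" {
    type master;
    file "db.example.com";
    // dynamic updates are accepted here only, so they never cross into the DMZ
    allow-transfer { 192.168.1.11; 192.0.2.53; 192.0.2.54; };  // internal + DMZ slaves
    also-notify { 192.0.2.53; 192.0.2.54; };   // DMZ slaves may not be listed as NS
};

// ---- DMZ slave (placeholder 192.0.2.53) ----
options {
    allow-recursion { 192.168.1.10; 192.168.1.11; };  // recurse only for the internal forwarders
    allow-transfer { none; };
};
zone "example.com" {
    type slave;
    masters { 192.168.1.10; };                 // pulls from the internal master
    file "bak.example.com";
    // a slave can act as master for further slaves
    allow-transfer { 198.51.100.53; 198.51.100.54; };
    also-notify { 198.51.100.53; 198.51.100.54; };
};

// ---- External public slave (placeholder 198.51.100.53) ----
options {
    recursion no;                              // authoritative only
    allow-transfer { none; };                  // end of the chain, hands zones to nobody
};
zone "example.com" {
    type slave;
    masters { 192.0.2.53; 192.0.2.54; };       // transfers from the DMZ slaves, not the master
    file "bak.example.com";
};
```

For this chain to work, the firewall and the packet filter have to pass TCP port 53 (zone transfers) from each slave to the servers named in its masters list, along with UDP port 53 for the SOA refresh queries in that direction and the NOTIFY messages in the other.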





More information about the bind-users mailing list