Need Clarification : DNS translated Addresses
Jeff Donovan
jdonovan at beth.k12.pa.us
Thu Jan 18 14:02:29 UTC 2001
Greetings

I have noticed much discussion about internal and external DNS for
translated IP addresses. I need a little clarification on what is the
correct setup to provide DNS to translated addresses (ip nat) and
still provide the same DNS services I currently hold.

Here is my current setup:
((iNet))-----[ router/switch 1 running NAT ]
               |       |       |       |
          IP   |fake   |real   |real   |--real-{Primary DNS/MAIL}
         LAN   A       B       C       D
My current project has me setting up the classic DMZ to firewall to
internal Network. Inside the internal network I will have a mix of
Real and fake addresses.
((iNet))-----------[ Router/Switch 1 running NAT]
                              |
                              |
                              |---DMZ--
                              |
                              |
                      { IPF/Firewall }
                              |
                              |
                [ router/switch 2 running NAT ]
                   |       |       |       |
                   |       |       |       |
             LAN   A       B       C       D
My question is: where do I place my primary DNS & MAIL? Do I place it
behind the firewall? If yes, I assume I must open port 53 UDP/TCP.
or
Do I place it in the DMZ? If yes, do I set up a secondary server
behind the firewall?

What is the proper way to deal with "FAKE" addresses, i.e. 10.1.1.1?
Yes, these are translated to a real address, but what is the proper
way to resolve these addresses for internal use and maintain outside
services?
Info, recommendations, flames, and general discussions welcome
--jeff
--
------------------------------------------------------------------------
Jeff Donovan Network Analyst
Bethlehem Area School District Information & Communication Technologies
Bethlehem, PA 18020 (610) 807-5571 jdonovan at beth.k12.pa.us