DNS through Firewall

Brian C. Hill bchill at bch.net
Wed Feb 27 22:05:34 UTC 2002


	Or use views in BIND 9.

Brian
======================================================================
On Wed, Feb 27, 2002 at 09:38:59AM -0500, Todd, Douglas M. wrote:
> 
> David:
> 
> Sounds like you are having a traditional split dns type of problem.
> 
> You are wanting to have people look at your external dns as one type of system
> and people use your internal dns for private use?
> 
> If this is the case then the best thing to do is to have two boxes. One for internal
> and one for external.
> 
> ----SIGNATURE-------
> Douglas M. Todd, Jr.
> Network Engineering
> CCNP, CCDA
> Partners Health Care
> Building 149
> 149 13 Street
> Charlestown, MA 02129-200
> Tel: 617.726.1403
> Email: dtodd at partners.org
> --------------------------------------------------------------------
> PGP Finger Print: 9429 CAE3 B2D1 C2E1 DFBC  E7A6 E90A 9BE5 C7B6 47BC
> Key available via email.
> Verisign S/N: 3ff65cdf58b9dceda004baeed49e16cf
> https://digitalid.verisign.com/services/client/index.html
> 
> 
> ==DMT>
> 
> > -----Original Message-----
> > From:	David Frank [SMTP:DFrank at Netegrity.com]
> > Sent:	Tuesday, February 26, 2002 5:30 PM
> > To:	comp-protocols-dns-bind at isc.org
> > Subject:	DNS through Firewall
> > 
> > Greetings,
> > 
> > I am having a problem with our new DNS server. Our old DNS server was also
> > our firewall, so restricting access was relatively easy. Our new DNS server
> > (no longer on the firewall) has a non-routable IP Address NAT'd to an
> > external DNS. The problem I am having is what to put in my db.local for a
> > name server. dns.datachannel.com resolves to an external address so that
> > would seem to cause a problem as the local host has an address on the
> > 10.1.1.x/24. Also, I know dig is the preferred troubleshooting tool and
> > nslookup is not a good test, but when I do an nslookup it is unable to
> > resolve itself as a DNS server.
> > 
> > What is the most common way of securing your external DNS servers behind a
> > firewall while still allowing the functionality you need for address
> > resolution?
> > 
> > Thank you for your time,
> > 
> > David Frank
> > 
> > 

-- 
   _____________________________________________________________________
  / Brian C. Hill	bchill at bch.net   	http://brian.bch.net	\
  | Unix Specialist	BCH Technical Services	http://www.bch.net	|
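
The BIND 9 views suggestion above, sketched as a named.conf fragment. This is an added example, not part of any post in the thread. It assumes the zone in question is datachannel.com, that db.local is the internal zone file, and that the directory path and the file names db.external and named.ca are hypothetical.

```conf
// Constructed example: split DNS on a single BIND 9 server using views.
// Internal clients get the 10.1.1.x answers, everyone else gets the
// public (NAT'd) answers, and only internal clients get recursion.

acl "inside" { 127.0.0.1; 10.1.1.0/24; };  // internal network from the original question

options {
    directory "/var/named";        // assumed path
    allow-transfer { none; };      // no zone transfers unless a zone explicitly allows them
};

// Views are tested in order; a client is served by the first view it matches.
view "internal" {
    match-clients { "inside"; };
    recursion yes;                 // internal hosts may resolve Internet names here

    zone "." {
        type hint;
        file "named.ca";           // hypothetical root hints file
    };

    zone "datachannel.com" {
        type master;
        file "db.local";           // assumed: NS and A records carry 10.1.1.x addresses
    };
};

view "external" {
    match-clients { any; };        // every client not matched by "internal"
    recursion no;                  // authoritative answers only for outside clients

    zone "datachannel.com" {
        type master;
        file "db.external";        // hypothetical file holding only the public addresses
    };
};
```

Once any view is defined, every zone statement has to live inside a view, so existing top-level zones must be moved into one of the two.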

