bind on DMZ

Joseph S D Yao jsdy at center.osis.gov
Fri Dec 23 20:07:16 UTC 2005


On Thu, Dec 22, 2005 at 11:24:02AM -0900, Damien Hull wrote:
...
> I would like to set up a name server for a domain on a DMZ (192.168.1.0).
> Is there anything special I need to do when I'm on a private address space?
> 
> My firewall/router will be forwarding DNS traffic to the server.
...


There is nothing different between using RFC 1918 IP addresses in BIND
and using any other IP addresses.

You should use ACLs to restrict access to your internal DNS to internal
users only.  If you are serving both public and private IP address
space, you should use "views" to separate the two.  If you have any
other name servers that are slaving copies of these zones from a master
copy that is different for different views, see Cricket Liu's "Views in
BIND 9" on O'Reilly's Web site.

If your name server itself has an RFC 1918 IP address, and you want it
accessible on the public Internet, you'd better have something that
translates a public IP address to the RFC 1918 IP address (like your
"firewall"/router).

I can't think of any other meanings to your somewhat vaguely worded
question; have I hit on any that help you?

-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
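
The ACL and "views" advice in the message above, sketched as a named.conf fragment. This is an added example, not part of the original message; the zone name example.com, the directory and the zone file names are placeholders, and 192.168.1.0/24 is assumed to be the DMZ network from the question.

```conf
// Constructed named.conf fragment (BIND 9). All names and paths are placeholders.

// Clients that may see internal data and use recursion.
acl "internal" {
    127.0.0.1;
    192.168.1.0/24;          // assumed DMZ network from the question
};

options {
    directory "/var/named";  // placeholder path
    allow-transfer { none; };  // no zone transfers unless a zone overrides this
};

// Views are matched in order, so the internal view comes first.
view "internal" {
    match-clients { "internal"; };
    allow-query   { "internal"; };
    recursion yes;

    zone "example.com" {
        type master;
        file "internal/example.com.db";  // records using RFC 1918 addresses
    };
};

// Everyone else gets authoritative answers only.
view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "external/example.com.db";  // records using the public (translated) addresses
    };
};
```

Once any view is defined, every zone statement must sit inside a view. If the firewall rewrites source addresses when it forwards queries, Internet clients will appear to come from the firewall's own address, so that address must not match the "internal" ACL.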


