bind on DMZ
Damien Hull
dhull at digitaloverload.net
Fri Dec 23 20:45:26 UTC 2005
This helps.
I just wasn't sure if a DNS server has to have a public IP or not. This
DNS server is going to be master for a .com domain.
I've never heard of "views". I'll have to look into that.
Thanks for the info.
Joseph S D Yao wrote:
> On Thu, Dec 22, 2005 at 11:24:02AM -0900, Damien Hull wrote:
> ...
>
>>I would like to set up a name server for a domain on a DMZ (192.168.1.0).
>>Is there anything special I need to do when I'm on a private address space?
>>
>>My firewall/router will be forwarding DNS traffic to the server.
>
> ...
>
>
> There is nothing different between using RFC 1918 IP addresses in BIND
> and using any other IP addresses.
>
> You should use ACLs to restrict access to your internal DNS to internal
> users only. If you are serving both public and private IP address
> space, you should use "views" to separate the two. If you have any
> other name servers that are slaving copies of these zones from a master
> copy that is different for different views, see Cricket Liu's "Views in
> BIND 9" on O'Reilly's Web site.
>
> If your name server itself has an RFC 1918 IP address, and you want it
> accessible on the public Internet, you'd better have something that
> translates a public IP address to the RFC 1918 IP address (like your
> "firewall"/router).
>
> I can't think of any other meanings to your somewhat vaguely worded
> question; have I hit on any that help you?
>
--
You can get my public PGP key at https://keyserver.pgp.com
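One way to lay out the ACL and the two views suggested in the quoted reply, as an added example that is not part of the original thread. The zone name example.com, the file paths, the ACL name "inside" and the choice of 192.168.1.0/24 as the internal client range are assumptions for illustration.

```conf
// named.conf sketch (BIND 9), constructed example

// Clients allowed to see the private answers (assumed range).
acl "inside" {
    127.0.0.1;
    192.168.1.0/24;
};

options {
    directory "/var/named";          // assumed path
    allow-transfer { none; };        // open up per zone for real slaves only
};

// Views are tried in order and the first match wins, so the
// restricted view has to come before the catch-all one.
view "internal" {
    match-clients { "inside"; };
    recursion yes;                   // resolver service for inside hosts only

    zone "example.com" {
        type master;
        // Zone data with the RFC 1918 addresses of the hosts.
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                    // authoritative answers only

    zone "example.com" {
        type master;
        // Zone data with the public addresses the firewall/router
        // translates to the RFC 1918 ones.
        file "external/example.com.zone";
    };
};

// Once any view is defined, every zone statement must live inside a view.
// match-clients works on the source address named sees: if the
// firewall rewrites the source of forwarded queries to an address in
// "inside", Internet clients will land in the internal view.
```

Running `named-checkconf` on the file checks the syntax before named is reloaded.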