rfc1918 ns records coming from internet are queried?
David Sparks
dave at ca.sophos.com
Wed Nov 26 19:49:18 UTC 2008
> However, if you're concerned, it's pretty easy to set up a more secure
> infrastructure. Put a resolver (resolving name server) at the edge of
> your network (in a DMZ, presumably) that knows nothing of internal
> domains (nor IP address space). It refuses to send queries to private
> addresses, but will answer queries coming from them. Then set up an
> internal resolver that knows about your private namespace; for any
> outside domains, it forwards to the server on the edge of your
> network. Have client machines send queries to the internal resolver,
> not to the edge resolver.
That will work but I was hoping for something like:
    view "internet" {
        filter-rfc1918-responses yes;
        ...
However I'm not concerned. :)
ds
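
The two-resolver layout described in the quoted reply, sketched as named.conf fragments. This is an added example, not configuration posted by either participant. The address 192.0.2.53, the zone name corp.example and the zone file name are placeholders, and using "server <prefix> { bogus yes; };" to keep the edge resolver from querying private addresses is one assumed way to do it; the thread names no mechanism.

```conf
// ---- edge resolver (in the DMZ): named.conf ----
// Knows nothing about internal zones. Answers clients on private
// addresses but never sends a query to a server in RFC 1918 space.
acl "inside" { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };

options {
    recursion yes;
    allow-query     { inside; };
    allow-recursion { inside; };
};

// An NS or glue record from the internet that points into these
// ranges is never followed: servers marked bogus are not queried.
server 10.0.0.0/8     { bogus yes; };
server 172.16.0.0/12  { bogus yes; };
server 192.168.0.0/16 { bogus yes; };

// ---- internal resolver: named.conf (separate host) ----
// Authoritative for the private namespace; everything else goes to
// the edge resolver only, never directly to the internet.
acl "clients" { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };

options {
    recursion yes;
    allow-query     { clients; };
    allow-recursion { clients; };
    forwarders { 192.0.2.53; };   // placeholder: edge resolver address
    forward only;                 // do not fall back to iterating itself
};

zone "corp.example" {             // placeholder internal zone
    type master;
    file "corp.example.db";
};
```

Client machines point at the internal resolver only; names under corp.example are answered from its own zone data and are never forwarded to the edge.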