stealth with views?
Jonathan Reed
cronstate at gmail.com
Thu Nov 7 18:52:51 UTC 2013
I'd like my global BIND server to slave a copy of my zone from the master
being hosted on my LAN. It appears that this is called a stealth setup. I
figured I'd achieve this by having the secondary on the internet slave a
view, but I've read that this is not ideal from a security standpoint. The
argument being that the zone file contains an IP address of it's master. So
whats the best way to do this?
A stealth scenario also seems susceptible to a higher chance where the
connection is lost between master and slave (complicated by a LAN
firewall/ISP in between) and the expire exceeding. We're hosting our global
DNS through a provider, so there doesnt seem like an easy way to monitor
and confirm a zone transfer from our master alone. Any recommendations?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20131107/36cd43b1/attachment.html>
More information about the bind-users
mailing list