2 Questions - forward zone and DNS firewalling

Grant Taylor gtaylor at tnetconsulting.net
Fri Oct 26 15:46:39 UTC 2018


On 10/26/2018 01:08 AM, N6Ghost wrote:
> maybe it's just old habits,

Fair enough.  I know that I have plenty of my own old (¿bad?) habits too.

> I think it's a bad idea to build your infrastructure in a way that needs 
> forward zones to work. Not when you can build it with proper delegation.

> I just think when building namespaces proper delegation should be used 
> and forward zones should be avoided if you can.

Ah.

I see forward zones, and slaving, as tools to help enable restricted 
environments to work.  Specifically where there is proper delegation as 
seen by the larger organization and / or the Internet.  I've had a few 
departments where they were not allowed to access anything outside their 
network.  So their local DNS server (running on a multihomed bastion) 
would slave or forward zones from the larger organizational namespace. 
The limitation was imposed by the small department, not an issue with 
the overall namespace.



-- 
Grant. . . .
unix || die
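
The setup described in the message above, sketched as a BIND `named.conf` for the department's bastion resolver. This is an added example, not configuration from the original message; the addresses (RFC 5737 documentation ranges), ACL name, zone names and file paths are placeholders.

```conf
// Constructed example: every address, name and path below is a placeholder.
acl "dept-net" { 198.51.100.0/24; };         // the restricted department LAN

options {
    directory "/var/named";
    listen-on { 127.0.0.1; 198.51.100.1; };  // answer only on the inside interface
    listen-on-v6 { none; };
    recursion yes;
    allow-query     { localhost; "dept-net"; };
    allow-recursion { localhost; "dept-net"; };
    allow-transfer  { none; };               // the bastion does not re-serve its copies
};

// Option 1: forward the zone to the organization's resolvers.
zone "corp.example" {
    type forward;
    forward only;                            // never fall back to iterating from the root
    forwarders { 192.0.2.53; 192.0.2.54; };
};

// Option 2: hold a local copy of the zone, pulled by zone transfer.
zone "intranet.example" {
    type slave;
    masters { 192.0.2.10; };
    file "slaves/intranet.example.db";
    notify no;                               // no downstream servers to notify
};
```

Newer BIND releases also accept `secondary` and `primaries` in place of `slave` and `masters`. Department clients point only at the bastion's inside address, so the bastion is the single DNS path out of the department network.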
