DNS through Firewall
Brian C. Hill
bchill at bch.net
Wed Feb 27 22:05:34 UTC 2002
Or use views in BIND 9.
Brian
======================================================================
On Wed, Feb 27, 2002 at 09:38:59AM -0500, Todd, Douglas M. wrote:
>
> David:
>
> Sounds like you are having a traditional split dns type of problem.
>
> You are wanting to have people look at your external dns as one type of system
> and people use your internal dns for private use?
>
> If this is the case then the best thing to do is to have two boxes. One for internal
> and one for external.
>
> ----SIGNATURE-------
> Douglas M. Todd, Jr.
> Network Engineering
> CCNP, CCDA
> Partners Health Care
> Building 149
> 149 13 Street
> Charlestown, MA 02129-200
> Tel: 617.726.1403
> Email: dtodd at partners.org
> --------------------------------------------------------------------
> PGP Finger Print: 9429 CAE3 B2D1 C2E1 DFBC E7A6 E90A 9BE5 C7B6 47BC
> Key available via email.
> Verisign S/N: 3ff65cdf58b9dceda004baeed49e16cf
> https://digitalid.verisign.com/services/client/index.html
>
>
> ==DMT>
>
> > -----Original Message-----
> > From: David Frank [SMTP:DFrank at Netegrity.com]
> > Sent: Tuesday, February 26, 2002 5:30 PM
> > To: comp-protocols-dns-bind at isc.org
> > Subject: DNS through Firewall
> >
> > Greetings,
> >
> > I am having a problem with our new DNS server. Our old DNS server was also
> > our firewall, so restricting access was relatively easy. Our new DNS server
> > (no longer on the firewall) has a non-routable IP Address NAT'd to an
> > external DNS. The problem I am having is what to put in my db.local for a
> > name server. dns.datachannel.com resolves to an external address so that
> > would seem to cause a problem as the local host has an address on the
> > 10.1.1.x/24. Also, I know dig is the preferred troubleshooting tool and
> > nslookup is not a good test, but when I do an nslookup it is unable to
> > resolve itself as a DNS server.
> >
> > What is the most common way of securing your external DNS servers behind a
> > firewall while still allowing the functionality you need for address
> > resolution?
> >
> > Thank you for your time,
> >
> > David Frank
> >
> >
--
_____________________________________________________________________
/ Brian C. Hill bchill at bch.net http://brian.bch.net \
| Unix Specialist BCH Technical Services http://www.bch.net |
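
The BIND 9 views approach suggested in the reply, sketched as an added example that is not part of the original thread or any poster's configuration. The zone name `datachannel.com`, the ACL name, the directory and the zone file paths are assumptions; only the 10.1.1.0/24 network and the host name `dns.datachannel.com` come from the question.

```conf
// named.conf sketch for split DNS on one BIND 9 server using views.
// Assumed names: ACL "internal-nets", zone "datachannel.com", file paths.

acl "internal-nets" {
    10.1.1.0/24;        // private network from the original question
    127.0.0.1;          // the server itself
};

options {
    directory "/var/named";     // assumed location
    allow-transfer { none; };   // no zone transfers unless explicitly granted
};

// Views are tried in order; the first match-clients hit wins,
// so the restrictive internal view must come first.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;              // internal hosts may resolve external names

    zone "datachannel.com" {
        type master;
        // Internal copy: NS/A records for dns.datachannel.com
        // point at the server's 10.1.1.x address.
        file "internal/db.datachannel.com";
    };
};

view "external" {
    match-clients { any; };
    recursion no;               // authoritative answers only for outsiders

    zone "datachannel.com" {
        type master;
        // External copy: only public records, with
        // dns.datachannel.com at the NAT'd public address.
        file "external/db.datachannel.com";
    };
};

// Once any view is defined, every zone statement must live inside a view.
// Caveat: view selection uses the query's source address as the server
// sees it. If the firewall rewrites the source of inbound queries to a
// 10.1.1.x address, outside clients would match the internal view.
```

Each version of the configuration can be validated with `named-checkconf` before reloading the server.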