Firewall Wizards mailing list archives

Re: PIX, DNS fixups and Zone Transfers


From: Luca Berra <bluca () comedia it>
Date: Tue, 27 May 2003 17:03:59 +0200

On Mon, May 26, 2003 at 09:55:50PM +0200, Bruce Smith wrote:
Thus arises our problem. Our DNS zones have one primary and 4 secondaries,
three of which are on separate sites and continents. Now when they do a zone
transfer of our zones, the mapped IP addresses are NOT changed in the zone,
so looking up on those zones brings up the new IP address, not the old. That
IP isn't visible on the 'Net. We hacked around the problem by giving each
machine two names, eg dns1.domain.com and dns1r.domain.com. dns1.domain.com,
the address known to the world at large, maps to the old IP.
dns1r.domain.com is the new one. By some careful juggling of several crates
of eggs, this is working, for the moment. However it is a precarious
position to be in.

You don't state which DNS server you are using, but BIND version 9
supports views (you can answer using different db files depending on the
query source), which could be just what you need.

regards,
L.

--
Luca Berra -- bluca () comedia it
       Communication Media & Services S.r.l.
/"\
\ /     ASCII RIBBON CAMPAIGN
 X        AGAINST HTML MAIL
/ \
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
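As an added illustration of the view-based setup suggested above (this is example configuration written for this page, not Luca's or Bruce's own config), the following BIND 9 named.conf answers from two different zone files for the same name depending on where the query comes from. The names, addresses and file paths are placeholders: 10.0.0.0/8 stands in for the new internal addressing behind the PIX, 192.0.2.0/24 and friends for the public side, and the "secondaries" ACL for the off-site secondaries that pull zone transfers.

```conf
// Added example: split-horizon DNS with BIND 9 views.
// Not from the original thread; all names, addresses and paths are placeholders.

// Hosts sitting behind the firewall that should see the internal (un-NATed) addresses.
acl "internal" { 10.0.0.0/8; 127.0.0.0/8; };

// Off-site secondaries that do zone transfers of example.com (placeholder addresses).
acl "secondaries" { 192.0.2.10; 198.51.100.10; 203.0.113.10; };

// Views are matched in order: the first view whose match-clients matches wins,
// so the specific internal view must come before the catch-all external one.
view "internal" {
    match-clients { internal; };
    recursion yes;

    zone "example.com" {
        type master;
        file "internal/example.com.zone";   // A records carry the 10.x addresses
    };
};

view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "external/example.com.zone";   // A records carry the public (static-NAT) addresses
        allow-transfer { secondaries; };    // AXFR/IXFR only to the known secondaries
        also-notify { 192.0.2.10; 198.51.100.10; 203.0.113.10; };
    };
};
```

The two zone files differ only in the address records: internal/example.com.zone would carry `dns1 IN A 10.1.1.5` while external/example.com.zone carries `dns1 IN A 192.0.2.5`, so one name serves both sides and the dns1r-style duplicate names become unnecessary. Because the off-site secondaries fall into the external view, the zone they transfer is the public-address copy, which is the one they should be serving. Two BIND rules worth remembering: once any view statement exists, every zone must be declared inside a view (no top-level zone statements), and a zone that should be visible from both sides has to appear in both views. `named-checkconf /etc/named.conf` and `named-checkzone example.com external/example.com.zone` will catch syntax mistakes before a reload.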

