Firewall Wizards mailing list archives

Re: DNS behind a firewall with multiple domains?


From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Mon, 15 Mar 1999 12:12:17 -0500 (EST)

Have you considered setting up a DNS Bind Server with
records of your internal networks and a Forwarder to 
your Firewall or a DNS Server on your DMZ? According to
the 'Grasshopper' book (DNS and Bind 2nd Edition, O'Reilly & Associates, 
Inc), the internal records will always have priority over
the forwarder directive.... Using the 'slave' directive will
prevent Bind from doing non-local lookups from any other
DNS server, other than the Forwarder....

Personal Opinion Provided By
Leonard Miyata
aka leonard () geminisecure com
GEMINI COMPUTERS INC.

The third edition is out, you might want to update.

The 'slave' directive, AKA the 'forward-only' option, also prevents
lookups to other DNS servers inside the firewall.  And we can't list
all internal DNS servers with the 'dnsd' - too many, and apparently a
finite buffer.  This is probably not our solution.  But thanks anyway.

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-A/B
-----------------------------------------------------------------------
        PLEASE ... send or Cc: all "COSPO/OSIS Computer Support"
                     mail to sys-adm () cospo osis gov
-----------------------------------------------------------------------
      This message is not an official statement of COSPO policies.
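
The setup discussed in this message, sketched as an added example (not part of the original thread) in BIND 8 `named.conf` syntax. All zone names, file names and addresses are constructed placeholders.

```conf
// named.conf for an internal name server (BIND 8 syntax).
// Every name and address here is a constructed placeholder.

options {
    directory "/var/named";

    // Anything this server cannot answer from its own zones or cache
    // is sent to the forwarder: the firewall or a DMZ name server.
    forwarders { 192.0.2.53; };

    // BIND 8 spelling of the BIND 4 "slave" / "options forward-only"
    // setting: if the forwarder gives no answer, do not fall back to
    // querying other name servers directly.
    forward only;
};

// Internal zones held on this server are answered from local data
// and are never handed to the forwarder.
zone "corp.example" {
    type master;
    file "db.corp.example";
};

zone "10.in-addr.arpa" {
    type master;
    file "db.10";
};

// Limitation raised in the reply: a second internal domain (say
// "lab.example") hosted on a different internal server is not a
// zone on this server, so with "forward only" its lookups also go
// to the forwarder and nowhere else. Resolution works only if the
// forwarder itself can answer for every such internal domain.
```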


