Firewall Wizards mailing list archives

Re: Split DNS, who be recursive?


From: Bill_Royds () pch gc ca
Date: Thu, 30 Mar 2000 10:30:17 -0500

We have the Internal DNS take the firewall as root which then recurses on it.
This means the firewall also has the result in cache for lookup when it gets
the actual Internet service request and allows the
DNS proxy on the firewall to verify the validity of request and result. Our
firewall is an Axent Raptor which has a DNS caching proxy.




Lance Spitzner <lance () spitzner net> on 29/03/2000 01:10:24 PM

Please respond to Lance Spitzner <lance () spitzner net>

To:      firewall-wizards () nfr net
cc:      (bcc: Bill Royds/HullOttawa/PCH/CA)
Subject: [fw-wiz] Split DNS, who be recursive?

Looking for architect opinions on Split DNS.
How do you configure your Internal DNS server?

When someone on your internal network queries
an Internet address, such as www.intel.com.

Do you ...

1.  Have your internal server do the query,
starting with the root servers?

2.  Have your internal server ask an upstream
DNS server to do the query (such as your ISP).

3. Have your internal server redirect the
client to another DNS server?

Looking for security pros/cons of each option.

Thanks!

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
