(no subject)

Kevin Darcy kcd at daimlerchrysler.com
Fri Dec 3 03:10:38 UTC 1999


1. Check to see if there are 2 "named" processes running on your box.

2. If you want to serve up only a subset or "shadow copy" of your domain to the
outside world, then since there's no way (yet) of selectively hiding certain names
within a DNS zone, you need to run a separate nameserver instance for that purpose
(same thing applies of course if the external version is completely different from
the internal version). Where you run those instances -- including the decision of
whether to run them on the same box or separate boxes -- is of course another
question and depends largely on where you are sending and receiving queries, what
your firewall/network connectivity and security policies allow, and how manageable
the setup will be in the long term. We are quite happy running multiple instances of
named on our firewalls, for instance.

I can't really address the rest with any specificity since I'm not familiar with the
capabilities of Cisco PIX firewalls or, for that matter, running DNS on NT.


- Kevin

Super News User wrote:

> From: omegauturn at hotmail.com
> Newsgroups: comp.protocols.dns.bind
> Subject: DNS SETUP HELP
> Message-ID: <3847209e.3126071 at news.goodnet.com>
> X-Newsreader: Forte Free Agent 1.11/32.235
> Lines: 51
> Date: Fri, 03 Dec 1999 01:45:03 GMT
> NNTP-Posting-Host: 209.141.106.6
> X-Complaints-To: abuse at winstar.net
> X-Trace: news.goodnet.com 944185503 209.141.106.6 (Thu, 02 Dec 1999 18:45:03 MST)
> NNTP-Posting-Date: Thu, 02 Dec 1999 18:45:03 MST
> Organization: WinStar GoodNet, Inc.
>
> Hi,
>
> I have multiple questions and I hope there's someone out there that
> can help....
>
> 1.  We have a SCO UNIX box running DNS with a network Card pointing to
> our internal network and another card pointing directly to the
> internet and this card is not going through the firewall...
> 2.  We have a CISCO PIX firewall
> 3.  Website is on a server in the DMZ.
>
> 1st Q:
> The company that setup this for us claims that the SCO box must run
> (and it's running now)  two DNS services; one for intranet and another
> for the internet. The outside(internet)  DNS will allow requests for
> our website to point to the PIX firewall which in turn points to the
> webserver in the DMZ (they said that's how it should be!).   I'm not
> sure if we need two.  How can I find if there's two DNS services
> running on a SCO unix?  I checked out the UNIX box myself and I
> don't think it's running two separate DNS services.
>
> 2nd Q:
>
> Can we setup just one DNS server that will do the JOB....   Again I
> talked to them about setting an NT box to run DNS and they said it can
> be done but we need one for the intranet and another NT box for the
> internet which we can set it in the DMZ.  One NT box won't do it
> because NT doesn't allow u to run two DNS services on the same server.
> If we have to setup the NT box in the DMZ anyway why not use the PIX
> firewall to forward internet requests for us... and that brings me to
> my third question
>
> 3rd Q:
> Can the PIX be setup to forward all requests for our web site to the
> webserver on the DMZ and do we need a DNS for that purpose?...
>
> 4th Q:
> If we need only one DNS server, where do u think this server should be
> setup(on the intranet or DMZ or outside the PIX)... I'm a novice to
> this and would like some insights?....
>
> I know it's confusing for me and if u need more details please let me
> know ... I need all the help and I do appreciate all of you in advance
>
> Thanks and hope u have a good day!
> Tony
> omegauturn at hotmail.com
>
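
The two-instance arrangement described in point 2 of the reply, sketched as a pair of BIND configuration files. This is an added illustration, not configuration from either poster: the file paths, the zone name example.com, and the addresses 192.0.2.1 (external interface) and 10.0.0.1 (internal interface) are all constructed placeholders.

```conf
// ---- /etc/named.external.conf : public ("shadow") instance (hypothetical path) ----
options {
    directory "/var/named/external";
    pid-file "/var/run/named.external.pid";   // must differ per instance
    listen-on { 192.0.2.1; };                 // Internet-facing address only
    recursion no;                             // authoritative answers only
    allow-transfer { none; };                 // list real secondaries here, if any
};

zone "example.com" {
    type master;
    file "db.example.com.public";             // contains only the names meant to be public
};

// ---- /etc/named.internal.conf : intranet instance (hypothetical path) ----
options {
    directory "/var/named/internal";
    pid-file "/var/run/named.internal.pid";
    listen-on { 10.0.0.1; 127.0.0.1; };       // internal interface and loopback only
    allow-query { 10.0.0.0/8; 127.0.0.1; };   // internal clients only
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "db.example.com.internal";           // full internal version of the zone
};

zone "." {
    type hint;
    file "named.root";                        // assumes this instance may resolve Internet names
};
```

Each file is given to its own process with `named -c <file>`. Without the explicit `listen-on` lines both processes would try to bind port 53 on every interface and the second would fail to start serving, and with them in place two `named` entries appear in the process list, which is what point 1 of the reply checks for.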




