Public IPs and nameservers on firewall

G. Roderick Singleton gsingleton at
Sat Nov 6 13:04:04 UTC 1999

Barry Margolin wrote:
> In article <382345C5.D7A372FB at>,
> G. Roderick Singleton <gsingleton at> wrote:
> >I have a situation where I have a firewall host that is a slave
> >to my off-site nameserver.  For this one machine everything works
> >like a charm. However, I'd like to include my hosts that use
> >a public IP ( as part of the scenario. (i.e. I'm lazy and
> >don't want to make internal roots et cetera for 5 hosts)
> 192.168.x.x is private IP's, not public.

Oops! Don't write when you're tired.  Private is what I was supposed to

> You can get away with putting these A records in your off-site nameserver.
> No one outside your LAN would ever have reason to look up your internal
> PC's, so little harm can come from including them in the public DNS.
> >If stuffing them in my slave definition is not a good idea. Can I
> What do you mean by "stuffing them in my slave definition"?

I have a DNS server defined as "slave to master" local to my network.
Can I put my PRIVATE addresses in this DNS server's zone file and
achieve the same effect as if I had put them externally?

> >simply create a nameserver for the 192.168.32. hosts (PCs) and then have
> >this server, in turn, point at the local slave and so on.
> Another solution would be to put these IP's in a subdomain, and configure
> your firewall or an internal server as the master server for the
> subdomain.  If you use an internal server, it can be configured to forward
> everything else to the firewall.
> --
> Barry Margolin, barmar at
> GTE Internetworking, Powered by BBN, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

I thought of this but put it aside because of "how to bind to port"
issues that I thought might get in the way. This is where I
see that we are getting close to having to deal with an internal

I'll try these suggestions and report back which is selected a my
G. Roderick Singleton, <gsingleton at> PATH tech,
71 Underhill Drive, Unit 159, Toronto, ON  M3A 2J8
Voice : 416-452-4583 Fax: 416-452-0036 Toll Free: 1-800-354-PATH

*** Notice To Bulk Emailers: Attention!  Pursuant to US Code, Title 47,
Chapter 5, Subchapter II, 227, any & all unsolicited commercial e-mail
sent to this address is subject to a download and archival fee in the
amount of the $1500 US and copies will be forwarded to domain
administrators.  Emailing denotes acceptance of said terms!
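
The thread turns on whether private A records belong in the publicly served zone or in an internally served subdomain. As an added example (not part of the original messages), this Python check lists the A records in zone-file text that point into RFC 1918 space, which are the candidates for moving to the internal subdomain. The zone contents are constructed, and the parser assumes one record per line with numeric TTLs.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress's is_private also matches
# loopback, link-local and documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone; every name and address here is made up.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@       IN  NS  ns1.example.com.
ns1     IN  A   203.0.113.10
fw      IN  A   203.0.113.1
pc1     IN  A   192.168.32.11
pc2 300 IN  A   192.168.32.12
        IN  A   10.1.2.3   ; blank owner: inherits pc2
"""

def qualify(owner, origin):
    """Expand a zone-file owner name to a fully qualified name."""
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"

def private_a_records(zone_text, origin=""):
    """Return (fqdn, address) for each A record inside RFC 1918 space."""
    hits, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):             # directives
            if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1]
            continue
        if not line[0].isspace():                 # new owner name
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                         # optional TTL / class
        if owner is None or len(fields) < 2 or fields[0].upper() != "A":
            continue
        try:
            addr = ipaddress.IPv4Address(fields[1])
        except ValueError:
            continue                              # malformed rdata
        if any(addr in net for net in RFC1918):
            hits.append((qualify(owner, origin), str(addr)))
    return hits
```

Calling `private_a_records(SAMPLE_ZONE)` returns the three private entries and skips the two 203.0.113.x hosts.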
