Public IPs and nameservers on firewall

G. Roderick Singleton gsingleton at home.com
Sat Nov 6 13:04:04 UTC 1999


Barry Margolin wrote:
> 
> In article <382345C5.D7A372FB at home.com>,
> G. Roderick Singleton <gsingleton at home.com> wrote:
> >I have a situation where I have a firewall host that is a slave
> >to my off-site nameserver.  For this one machine everything works
> >like a charm. However, I'd like to include my hosts that use
> >a public IP (192.168.32.0) as part of the scenario. (i.e. I'm lazy and
> >don't want to make internal roots et cetera for 5 hosts)
> 
> 192.168.x.x is private IP's, not public.

Oops! Don't write when you're tired.  Private is what I was supposed to
say.

> 
> You can get away with putting these A records in your off-site nameserver.
> No one outside your LAN would ever have reason to look up your internal
> PC's, so little harm can come from including them in the public DNS.
> 
> >If stuffing them in my slave definition is not a good idea. Can I
> 
> What do you mean by "stuffing them in my slave definition"?
> 


I have a DNS server defined as "slave to master" local to my network.
Can I put my PRIVATE addresses in this DNS server's zone file and
achieve the same effect as if I had put them externally?

> >simply create a nameserver for the 192.168.32. hosts (PCs) and then have
> >this server, in turn, point at the local slave and so on.
> 
> Another solution would be to put these IP's in a subdomain, and configure
> your firewall or an internal server as the master server for the
> subdomain.  If you use an internal server, it can be configured to forward
> everything else to the firewall.
> 
> --
> Barry Margolin, barmar at bbnplanet.com
> GTE Internetworking, Powered by BBN, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

I thought of this but put it aside because of "how to bind to port"
issues that I thought might get in the way. This is where I
see that we are getting close to having to deal with an internal
root.  

I'll try these suggestions and report back which is selected as my
solution.
-- 
________________________________________________________________________________
G. Roderick Singleton, <gsingleton at home.com> PATH tech,
71 Underhill Drive, Unit 159, Toronto, ON  M3A 2J8
Voice : 416-452-4583 Fax: 416-452-0036 Toll Free: 1-800-354-PATH
________________________________________________________________________________

*** Notice To Bulk Emailers: Attention!  Pursuant to US Code, Title 47,
Chapter 5, Subchapter II, 227, any & all unsolicited commercial e-mail
sent to this address is subject to a download and archival fee in the
amount of the $1500 US and copies will be forwarded to domain
administrators.  Emailing denotes acceptance of said terms!
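
Added example (not part of the original post, and not BIND code): a small Python audit that lists which A records in a zone file point into RFC 1918 space, which is the set of names the thread proposes either publishing off-site or moving into an internally served subdomain. The zone contents and host names are constructed, and the parser assumes one record per line (no parenthesised multi-line records).

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers
# loopback, link-local and documentation space, which is not wanted here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone; every name and address is hypothetical.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        IN SOA ns1 hostmaster 1999110601 3600 900 604800 86400
         IN NS  ns1
ns1      IN A   203.0.113.10   ; firewall / slave
www 3600 IN A   203.0.113.20
pc1      IN A   192.168.32.11  ; internal PC
pc2      A      192.168.32.12
pc3.int  IN A   192.168.32.13
"""

def private_a_records(zone_text):
    """Return [(fqdn, ip)] for A records whose address is in RFC 1918 space."""
    origin, last_owner, hits = ".", None, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):             # $TTL, $INCLUDE, ...
            continue
        if raw[0] in " \t":                       # blank owner: reuse previous one
            owner = last_owner
        else:
            owner, fields = fields[0], fields[1:]
            last_owner = owner
        # Skip the optional TTL and class columns.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields = fields[1:]
        if len(fields) < 2 or fields[0].upper() != "A":
            continue
        ip = ipaddress.ip_address(fields[1])
        if any(ip in net for net in RFC1918):
            fqdn = origin if owner == "@" else (
                owner if owner.endswith(".") else f"{owner}.{origin}")
            hits.append((fqdn, str(ip)))
    return hits

if __name__ == "__main__":
    for name, ip in private_a_records(SAMPLE_ZONE):
        print(f"{name}\t{ip}")
```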

