split dns & cisco pix firewall

colm ennis colm at gradient.ie
Fri Nov 12 14:48:41 UTC 1999

I currently have 2 BIND processes living on one internal DNS server. One process
serves our real namespace to internal hosts, the other serves a shadow namespace
to the internet. I was thinking of having just one BIND process serving internal
and external requests. Cisco PIX "alias"es, "static"s and "conduit"s would provide
the internet with access to those hosts we want to expose. DNS request replies
travelling out to the internet via the PIX would have their result field rewritten
as mentioned in the "alias" command reference:

Is this feasible and/or recommended?


