alternate port / alternate way for master DNS zone xfers ?
Jan Vicherek
honza at ied.com
Sat Oct 16 01:54:45 UTC 1999
On Fri, 15 Oct 1999, Barry Margolin wrote:
> In article <Pine.LNX.4.10.9910142325530.11783-100000 at ann.ied.com>,
> Jan Vicherek <honza at ied.com> wrote:
> >On Thu, 14 Oct 1999, Joseph S D Yao wrote:
> >
> >> What is blocking DNS TCP? Is it a firewall? Is there a DNS proxy? At
> >> some level, this must be negotiable.
> >
> > You mean these guys (the admins of the organization network) will
> >actually talk to me ? Ha ha ha ... :) Not a chance. Whatever I'm trying to
> >do is my business, and they won't do a thing to make me or break me. I'm
> >totally of no interest to them. :-(
>
> This makes no sense -- don't they work for the same people you do?
Nope. They said, "Hey, for $$$ bucks, people, you can have dedicated IP
*** AS - IS ***, we won't lift a finger to do anything about your
problems, but like we said, for $$$ bucks, people, you can have dedicated
IP *** AS - IS ***. Take it or leave it."
I took it. I think that with the power and flexibility of Unix and the
Internet community (and ISC software), pretty much anything can be
accomplished.
Now I'm just wondering how.
> You've
> been extremely vague -- what kind of organization is this, and what's your
> relationship to it?
I pay, they do nothing. That's the relationship :-) (well, they make
sure that their network is physically connected to the internet. That's
about it.)
They only notice me when I don't pay. :) If I need something, I am,
definitely, out of luck.
> A firewall administrator is supposed to implement an
> organization's security policy, to the extent that it's technically
> feasible, not the other way around.
In a setting where all machines on the network serve the same
organisation. Mine is not the case. I've bought an inside IP "as-is". I
can do what I want, but if something doesn't work for me, I cannot go bug
the network admins to do anything about it.
> You need to talk to the organization's security people and find out if
> you're allowed to run a primary DNS on the network, with secondary servers
> outside. If you are, they should instruct the network administrators to
> fix the firewall settings. If you aren't, you shouldn't try to work around
> the firewall's restrictions, since you would be violating policy no matter
> how you implement it.
AFAIK, there is no policy other than "You can do what you want, but
what you can't do we won't assist you with." So I am on my own to make
a secondary from the outside automatically update from my primary.
thx,
Jan
-- Gospel of Jesus is the saving power of God for all who believe --
## To some, nothing is impossible. ##
http://Vicherek.Waterloo.on.ca/