alternate port / alternate way for master DNS zone xfers ?

Jan Vicherek honza at ied.com
Sat Oct 16 01:54:45 UTC 1999


On Fri, 15 Oct 1999, Barry Margolin wrote:

> In article <Pine.LNX.4.10.9910142325530.11783-100000 at ann.ied.com>,
> Jan Vicherek  <honza at ied.com> wrote:
> >On Thu, 14 Oct 1999, Joseph S D Yao wrote:
> >
> >> What is blocking DNS TCP?  Is it a firewall?  Is there a DNS proxy?  At
> >> some level, this must be negotiable.
> >
> >  You mean these guys (the admins of the organization network) will
> >actually talk to me ? Ha ha ha ... :) Not a chance. Whatever I'm trying to
> >do is my business, and they won't do a thing to make me or break me. I'm
> >totally of no interest to them. :-(
> 
> This makes no sense -- don't they work for the same people you do? 

  Nope. They said, "Hey, for $$$ bucks, people, you can have dedicated IP
*** AS - IS ***, we won't lift a finger to do anything about your
problems, but like we said, for $$$ bucks, people, you can have dedicated
IP *** AS - IS ***. Take it or leave it."

 I took it. I think that with the power and flexibility of Unix and the
Internet community (and ISC software), pretty much anything can be
accomplished.

 Now I'm just wondering how.

> You've
> been extremely vague -- what kind of organization is this, and what's your
> relationship to it? 

   I pay, they do nothing. That's the relationship :-) (well, they make
sure that their network is physically connected to the internet. That's
about it.)
   They only notice me when I don't pay. :) If I need something, I am,
definitely, out of luck.

> A firewall administrator is supposed to implement an
> organization's security policy, to the extent that it's technically
> feasible, not the other way around.

   In a setting where all machines on the network serve the same
organisation. Mine is not the case. I've bought an inside IP "as-is". I
can do what I want, but if something doesn't work for me, I cannot go bug
the network admins to do anything about it.

> You need to talk to the organization's security people and find out if
> you're allowed to run a primary DNS on the network, with secondary servers
> outside.  If you are, they should instruct the network administrators to
> fix the firewall settings.  If you aren't, you shouldn't try to work around
> the firewall's restrictions, since you would be violating policy no matter
> how you implement it.

   AFAIK, there is no policy other than "You can do what you want, but
what you can't do we won't assist you with." So I am on my own to make
a secondary from the outside automatically update from my primary.

 thx,

    Jan



 -- Gospel of Jesus is the saving power of God for all who believe --
                ## To some, nothing is impossible. ##
                   http://Vicherek.Waterloo.on.ca/


