Split DNS, Firewalls, Forwarders, etc

dave.goldsmith at intelsat.int
Fri Jan 21 20:46:26 UTC 2000


A couple of questions regarding the 8.2, 8.2.2-P5 and the soon-to-be 9.X
versions.

We have a split DNS setup. The 'official' world visible DNS server is in the
DMZ in front of the firewall. It is world accessible and contains
information only about the externally visible hosts.

Behind the firewall, there is the 'unofficial' master and numerous slaves.
They contain information about all the internal hosts.  Currently, all of
the internal DNS servers that receive queries from internal hosts are allowed
to send DNS queries out to the world.

We would like to have the internal DNS servers resolve queries for internal
hosts for which they are authoritative; for other names external to the
organization, the internal DNS servers should forward the request to the
external DNS server in the DMZ.  That server should be the only one that
sends DNS requests out to the Internet.

Is this currently possible with any of the 8.2 versions or do we need to
wait for 9.x, which indicates much greater support for this type of
configuration?  Also, we do NOT want to run a DNS server on the firewall
itself.

R/S

Dave Goldsmith
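
The layout described above, sketched as a named.conf fragment for one internal server using the `forwarders` and `forward only` statements. This is an added example, not part of the original post; the zone names, file names and addresses (192.0.2.53 for the DMZ server, 10.0.0.0/8 for internal hosts) are assumed placeholders.

```conf
// named.conf on an INTERNAL name server (constructed example).
// Assumed placeholders: 192.0.2.53 = DMZ name server,
// 10.0.0.0/8 = internal address space, corp.example = internal zone.

options {
    directory "/var/named";

    // Anything this server is not authoritative for goes to the DMZ
    // server and nowhere else.
    forwarders { 192.0.2.53; };

    // "forward only" stops the server from falling back to querying
    // the Internet itself when the forwarder does not answer.
    // ("forward first" would retry directly, which is the behaviour
    // the post wants to eliminate.)
    forward only;

    // Only internal clients may query this server.
    allow-query { 10.0.0.0/8; 127.0.0.1; };
};

// Internal zones are answered from local data, so queries for
// internal hosts never leave the inside network.
zone "corp.example" {
    type master;
    file "db.corp.example";
};

zone "10.in-addr.arpa" {
    type master;
    file "db.10";
};

// Matching pieces outside this file:
//  - The DMZ server must accept recursive queries from the internal
//    servers' addresses, since they rely on it for all external names.
//  - The firewall should permit DNS (UDP and TCP port 53) from the
//    internal servers to 192.0.2.53 only, and outbound DNS to the
//    Internet from 192.0.2.53 only. With that rule in place, a
//    misconfigured internal server fails closed instead of leaking
//    queries.
```

On the internal slaves the `options` block is the same and the zones become `type slave` with a `masters` list pointing at the internal master.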


