Split DNS, Firewalls, Forwarders, etc

Barry Margolin barmar at bbnplanet.com
Fri Jan 21 21:52:57 UTC 2000


In article <490B4C213EC8D211851F00105A29CA5ADD14C5 at admex1.adm.intelsat.int>,
 <dave.goldsmith at intelsat.int> wrote:
>We would like to have the internal DNS servers resolve queries for internal
>hosts for which they are authoritative and for other names external to the
>organization, the internal DNS servers should forward the request to the
>external DNS server in the DMZ.  That server should be the only one that
>sends DNS requests out to the Internet.
>
>Is this currently possible with any of the 8.2 versions or do we need to
>wait for 9.x which indicates much greater support for this type of
>configuration?  Also, we do NOT want to run a DNS server on the firewall
>itself.

This is possible with 8.2 (and even with 4.x).  Just configure:

options {
  forwarders { <address of DMZ server>; };
  forward only;
};

and configure your firewall to allow outbound DNS queries only to the DMZ
server.


-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
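
An added example, not part of the original post: a small Python check that a named.conf follows the setup described in the reply, with forwarders pointing only at the DMZ server and `forward only` set. The sample configs, the 192.0.2.53 and 198.51.100.7 addresses, the corp.example zone and the helper names are constructed for illustration.

```python
import re

# Constructed samples; addresses and zone name are placeholders, not from the post.
GOOD_CONF = """
options {
  forwarders { 192.0.2.53; };   // DMZ server
  forward only;
};
zone "corp.example" { type master; file "db.corp.example"; };
"""
BAD_CONF = """
options {
  forwarders { 192.0.2.53; 198.51.100.7; };
  // forward only;   <- commented out, so the default (forward first) applies
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments so disabled directives are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(text):
    """Return the body of the options { ... } statement, tracking nested braces."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit(conf, dmz_servers):
    """List the ways conf departs from 'forward everything to the DMZ server only'."""
    opts = options_block(strip_comments(conf))
    findings = []
    m = re.search(r"\bforwarders\s*\{([^}]*)\}", opts)
    fwd = set(m.group(1).replace(";", " ").split()) if m else set()
    if not fwd:
        findings.append("no forwarders configured")
    extra = fwd - set(dmz_servers)
    if extra:
        findings.append("forwarders outside the DMZ: " + ", ".join(sorted(extra)))
    if not re.search(r"\bforward\s+only\s*;", opts):
        findings.append("'forward only' not set: server may query the Internet itself")
    return findings

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(name, audit(conf, ["192.0.2.53"]) or "OK")
```
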


