Help! DNS Config Inquiry

Simon Waters Simon at wretched.demon.co.uk
Thu Jul 12 19:53:05 UTC 2001


Chris Coddington wrote:
> 
> I don't want subdomain.mydomain.com to be known to anyone outside the
> firewall by digging server "x".  Is this config possible?

Yes and easy - so do it.

The magic is that if a server is master for a domain, it
answers authoritatively for that domain and doesn't worry
about delegation and stuff. So as long as everyone who needs
access to subdomain.mydomain.com asks a server that is
master or secondary for that subdomain they will get the
right answers, and no one else needs to know it exists.

You may want to restrict access to the zone using access
control lists in case anyone "guesses" the name of the
subdomain, and asks the internal server directly.

You want subdomain.mydomain.com secondaried somewhere in
case you ever need to take down the internal server for
maintenance.

Now I assume if the secondary internal to the firewall can
get DNS queries from the public Internet it is safely
ensconced on a secure DMZ.
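
The setup described in the message above, written out as BIND named.conf fragments. This is an added example, not part of the original post; the addresses (10.0.0.1 for the internal master, 10.0.0.2 for the internal secondary, 10.0.0.0/8 for the inside network), the ACL name and the file names are assumptions.

```conf
// Added example: two separate named.conf files shown together.
// All addresses, the ACL name "inside" and the file names are assumed.
// The public mydomain.com zone on server "x" carries no NS or other
// records for subdomain, so outside resolvers are never referred here.

// ---- named.conf on the internal master (assumed 10.0.0.1) ----
acl "inside" { 127.0.0.1; 10.0.0.0/8; };   // hosts behind the firewall

zone "subdomain.mydomain.com" {
    type master;
    file "db.subdomain.mydomain.com";
    allow-query    { "inside"; };   // refuse clients that guess the name
    allow-transfer { 10.0.0.2; };   // only the internal secondary may AXFR
};

// ---- named.conf on the internal secondary (assumed 10.0.0.2) ----
acl "inside" { 127.0.0.1; 10.0.0.0/8; };

zone "subdomain.mydomain.com" {
    type slave;
    masters { 10.0.0.1; };          // pull the zone from the internal master
    file "bak.subdomain.mydomain.com";
    allow-query    { "inside"; };   // same restriction as on the master
    allow-transfer { none; };       // nothing transfers onward from here
};
```

Internal clients must use one of these two servers as their resolver or forwarder, since no delegation leads to the zone.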

