(no subject)

Kevin Darcy kcd at daimlerchrysler.com
Tue Jun 19 21:16:27 UTC 2001


If you don't really care what the addresses reverse-resolve to, then just set up 10.in-addr.arpa with a wildcard PTR record.

- Kevin

yomler.biz at m6net.fr wrote:

> Hello all,
>
> I have an internal DNS and an external DNS in a DMZ. Our policy is to only allow forward requests from internal to external: there is no traffic coming from the DMZ into the internal LAN.
>
> However, I am using proxies for every protocol (ftp, http, smtp, ...) which demand reverse lookups. All reverse lookups fail because of our policy.
> At best, the failed reverse lookups are cached for 3H (negative TTL), but every 3H, automatic robots or supervising tools send traps to tell us a service is down.
>
> What can I do on the external DNS (bind 8.2.x) to fool the proxies in order to allow the proxies to succeed at the reverse lookup?
>
> 1) I cannot disable the reverse lookup on all the proxies
> 2) I do not really want to maintain host files on the proxies.
> 3) I do not want to allow incoming traffic in the LAN from the DMZ
> 4) Is there any bind directive to fool the whole 10.* reverse lookup?
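
The wildcard zone suggested in the reply, written out as an added example that is not part of the original thread. The server names, serial, timers and the target name `unknown.internal.example.` are placeholders.

```dns
; db.10 -- constructed zone file for 10.in-addr.arpa (every name here is a placeholder)
; Assumed to be loaded on the DMZ name server with a master zone statement
; in named.conf:
;   zone "10.in-addr.arpa" { type master; file "db.10"; };
$TTL 86400
@   IN  SOA ns.dmz.example. hostmaster.dmz.example. (
            2001061901 ; serial
            10800      ; refresh
            3600       ; retry
            604800     ; expire
            10800 )    ; negative-caching TTL
    IN  NS  ns.dmz.example.

; Wildcard PTR: every reverse name under 10.in-addr.arpa that has no record
; of its own is answered with this single name, so the lookup succeeds
; without any query crossing from the DMZ into the internal LAN.
*   IN  PTR unknown.internal.example.
```

With this zone every 10.* address reverse-resolves to the same name, so proxy logs and any name-based checks on the proxies no longer distinguish internal hosts.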




