Rev (Hidden Segment) Lookups in split environment

Kevin Darcy kcd at daimlerchrysler.com
Sat Mar 17 01:47:36 UTC 2001


If you have recursion turned off, then resolvers can only get what's in
your cache and authoritative data. Best practice is for your public
nameserver to turn off recursion *completely* (options { recursion no;
... }) so that there's no possibility of anyone external getting internal
data out of your nameserver's cache. Of course, that means you can't use
that public nameserver to resolve any internal names. Typically, one
would therefore run a separate "private" instance of named to provide
resolution of internal names.


- Kevin

Thomas Duterme wrote:

> Hello everyone,
>
> I'm running a split DNS setup for my office.  On the
> external public IP nameservers, I want to map out the PTR
> records for the internal private IP segment.  Note, most of
> those IP addresses are private IP, but I still don't want to
> advertise the network topology to anyone outside the company
> (keeping in line with my reasoning for a split IP
> architecture).
>
> My current external servers restrict zone transfers and
> recursive queries.  Am I correct in thinking that foreign
> resolvers pointed to my external nameservers will NOT be
> able to lookup those PTR records?
>
> TIA,
> Thomas
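
As an added illustration of the layout Kevin describes (this is not configuration from the original thread): two separate named instances, a public one with recursion turned off and none of the internal zones loaded, and a private one that carries the reverse zone for the private segment. The zone names, the 10.0.0.0/8 internal range, the 192.0.2.0/24 public range, the listen addresses and the file paths are all assumptions made for the example. The point to notice is that `recursion no;` only stops the public server from answering out of its cache; anything it is authoritative for is still handed to any querier, so the 10.in-addr.arpa zone must not appear in the public instance at all.

```conf
// ---- Public, Internet-facing instance (e.g. /etc/named-public.conf) ----
options {
    directory "/var/named/public";
    listen-on { 192.0.2.53; };        // public interface only (assumed address)
    recursion no;                     // answer only from authoritative data, never from cache
    allow-transfer { none; };         // no AXFR at all (list real secondaries here if any)
};

// Only the zones the outside world needs. Do NOT load 10.in-addr.arpa (or any
// other internal zone) here: with recursion off, a foreign resolver still
// receives every record this server is authoritative for.
zone "example.com" {
    type master;
    file "example.com.zone";          // public-facing hosts only
};
zone "2.0.192.in-addr.arpa" {
    type master;
    file "2.0.192.in-addr.arpa.zone"; // PTRs for the public /24 only
};

// ---- Private, internal-only instance (e.g. /etc/named-private.conf) ----
// A second named process bound to an internal address, or a separate host.
options {
    directory "/var/named/private";
    listen-on { 10.0.0.53; };         // internal interface only (assumed address)
    recursion yes;                    // resolves external names for internal clients
    allow-query { 10.0.0.0/8; 127.0.0.1; };
    allow-recursion { 10.0.0.0/8; 127.0.0.1; };
    allow-transfer { none; };
};

// The internal view of the company zone and the reverse zone for the private
// segment live only here, so the topology is visible only from inside.
zone "example.com" {
    type master;
    file "example.com.internal.zone"; // internal hosts, private addresses
};
zone "10.in-addr.arpa" {
    type master;
    file "10.in-addr.arpa.zone";      // PTR records for 10.0.0.0/8
};
```

To check the split from outside, run `dig @192.0.2.53 -x 10.0.0.7`: the public instance has no zone covering it and will not recurse, so the reply carries no answer section (a REFUSED or a bare root referral, depending on the BIND version). The same query against 10.0.0.53 from an internal host returns the PTR. Internal clients point at the private instance, which recurses for them; the public instance is never listed in an internal resolv.conf.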
