Confusion about IP/naming of DNS servers
kcd at daimlerchrysler.com
Wed Dec 4 20:38:05 UTC 2002
>Is it possible to manage / admin one's own DNS servers if one only has a
>single static IP? I.e. if one is using MASQ or non-routable IPs behind a
>packet filtering machine? I can see where the packet filter might route all
>requests on port 53 to a single (behind the filter) DNS machine but where
>would the secondary come into play?
>I've been reading the various O'Reilly books about DNS/Bind and Firewalls and
>I'm quite confused.
You'd need to get some other box, on a static IP outside of your
firewall, to be a slave. There shouldn't be any problem with someone
else slaving from your master server, since zone transfers use the same
ports you're permitting/forwarding anyway (i.e. TCP and UDP port 53).
Many places offer so-called "secondary" (i.e. slaving) service; I
understand that some of them are free, up to a certain number of domains.
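
The arrangement described in the reply above, sketched as BIND 9 `named.conf` fragments. This is an added example, not part of the original post. The zone name `example.com`, the file paths, the public static IP `192.0.2.10` and the slave address `198.51.100.53` are all assumed placeholder values.

```conf
// ---- named.conf on the master (private address, behind the packet filter) ----
// Assumed: the filter forwards TCP and UDP port 53 arriving on 192.0.2.10 to this host.
acl "offsite-slave" { 198.51.100.53; };    // assumed address of the external slave

options {
    directory "/var/named";                // assumed path
    allow-transfer { none; };              // refuse zone transfers unless a zone permits them
};

zone "example.com" {
    type master;
    file "db.example.com";
    allow-transfer { "offsite-slave"; };   // only the external slave may AXFR/IXFR
    notify explicit;                       // send NOTIFY only to the also-notify list
    also-notify { 198.51.100.53; };
};

// ---- named.conf on the external slave (198.51.100.53) ----
options {
    directory "/var/named";                // assumed path
    allow-transfer { none; };              // the slave hands the zone to no one
};

zone "example.com" {
    type slave;
    file "slaves/db.example.com";
    masters { 192.0.2.10; };               // the master's public (NATed) address, not its private one
};
```

Because port 53 is forwarded from the Internet, the per-zone `allow-transfer` list is what keeps the full zone from being readable by anyone who asks. The NS and address records inside the zone must also use the public addresses, since outside resolvers cannot reach the private one.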