Confusion about IP/naming of DNS servers

Kevin Darcy kcd at
Wed Dec 4 20:38:05 UTC 2002

anonymous wrote:

>Is it possible to manage / admin one's own DNS servers if one only has a
>single static IP? I.e. if one is using MASQ or non-routable IPs behind a
>packet filtering machine? I can see where the packet filter might route all
>requests on port 53 to a single (behind the filter) DNS machine but where
>would the secondary come into play?
>I've been reading the various O'Reilly books about DNS/BIND and Firewalls and
>I'm quite confused.

You'd need to get some other box, on a static IP outside of your
firewall, to be a slave. There shouldn't be any problem with someone 
else slaving from your master server, since zone transfers use the same 
ports you're permitting/forwarding anyway (i.e. TCP and UDP port 53). 
Many places offer so-called "secondary" (i.e. slaving) service; I 
understand that some of them are free, up to a certain number of domains.

                                                    - Kevin
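
The setup described in the reply, sketched as BIND 9 `named.conf` fragments. This is an added example, not part of the original post. The zone name, file names and all addresses (documentation ranges) are constructed placeholders, and it assumes the packet filter forwards TCP and UDP port 53 on the public address to the master.

```conf
// ---- named.conf on the master (private address, behind the packet filter) ----
// Assumption: the filter forwards TCP and UDP port 53 arriving on the single
// public address 203.0.113.5 (constructed) to this host.
acl "secondary" { 198.51.100.53; };    // constructed address of the outside slave

zone "example.com" {
    type master;
    file "db.example.com";
    // Port 53 is open to the world, so limit zone transfers to the slave;
    // ordinary queries are still answered for everyone.
    allow-transfer { "secondary"; };
    // Send NOTIFY only to the listed slave instead of every NS in the zone.
    notify explicit;
    also-notify { 198.51.100.53; };
};

// ---- named.conf on the slave (static IP outside the firewall) ----
zone "example.com" {
    type slave;
    file "slaves/db.example.com";
    // Pull from the public address; the private address is unreachable from here.
    masters { 203.0.113.5; };
    // The slave has no downstream servers, so it hands out no transfers.
    allow-transfer { none; };
};
```

The NS and address records published in the zone must carry the public address of the master and the address of the slave, never the private one. Outbound NOTIFY messages from the master are rewritten by MASQ to the public address, which is the address the slave lists under `masters`.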


