DNS through Firewall

Todd, Douglas M. DTODD at PARTNERS.ORG
Wed Feb 27 14:38:59 UTC 2002


Sounds like you are having a traditional split dns type of problem.

You are wanting to have people look at your external dns as one type of
and people use your internal dns for private use?

If this is the case then the best thing to do is to have two boxes. One for
and one for external. 

Douglas M. Todd, Jr.
Network Engineering
Partners Health Care
Building 149
149 13 Street
Charlestown, MA 02129-200
Tel: 617.726.1403
Email: dtodd at partners.org
PGP Finger Print: 9429 CAE3 B2D1 C2E1 DFBC  E7A6 E90A 9BE5 C7B6 47BC
Key available via email.
Verisign S/N: 3ff65cdf58b9dceda004baeed49e16cf


> -----Original Message-----
> From:	David Frank [SMTP:DFrank at Netegrity.com]
> Sent:	Tuesday, February 26, 2002 5:30 PM
> To:	comp-protocols-dns-bind at isc.org
> Subject:	DNS through Firewall
> Greetings,
> I am having a problem with our new DNS server. Our old DNS server was also
> our firewall, so restricting access was relatively easy. Our new DNS server
> (no longer on the firewall) has a non-routable IP Address NAT'd to an
> external DNS. The problem I am having is what to put in my db.local for a
> name server. dns.datachannel.com resolves to an external address so that
> would seem to cause a problem as the local host has an address on the
> 10.1.1.x/24. Also, I know dig is the preferred troubleshooting tool and
> nslookup is not a good test, but when I do an nslookup it is unable to
> resolve itself as a DNS server.
> What is the most common way of securing your external DNS servers behind a
> firewall while still allowing the functionality you need for address
> resolution?
> Thank you for your time,
> David Frank
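
An added example, not part of either message: a consistency check for the two data sets a split DNS setup keeps, covering the name server record problem raised in the question. The `example.com` names, the `192.0.2.x` addresses and the simplified three-field record format are constructed for illustration, and name servers are assumed to be in-zone.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: simplified "name type value" records, not real zone files.
EXTERNAL = """\
example.com.       NS  dns.example.com.
dns.example.com.   A   192.0.2.53
www.example.com.   A   192.0.2.80
build.example.com. A   10.1.1.40
"""
INTERNAL = """\
example.com.       NS  dns.example.com.
www.example.com.   A   10.1.1.80
build.example.com. A   10.1.1.40
"""

def parse(text):
    """Return (set of NS targets, dict of name -> list of IPv4 addresses)."""
    ns, a = set(), {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        name, rtype, value = fields
        if rtype.upper() == "NS":
            ns.add(value.lower())
        elif rtype.upper() == "A":
            a.setdefault(name.lower(), []).append(ipaddress.ip_address(value))
    return ns, a

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def check_view(text, public):
    """List problems in one data set; public=True is the Internet-facing box."""
    ns, a = parse(text)
    problems = [f"NS {t} has no A record in this view"
                for t in sorted(ns) if t not in a]
    for name, addrs in sorted(a.items()):
        for addr in addrs:
            if public and is_rfc1918(addr):
                problems.append(f"{name} leaks private address {addr}")
            if not public and name in ns and not is_rfc1918(addr):
                problems.append(f"NS {name} points outside the internal network at {addr}")
    return problems
```

Running `check_view(EXTERNAL, public=True)` and `check_view(INTERNAL, public=False)` on the sample data reports one problem each: a private address published externally, and an internal name server with no address in its own data.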
