DNS & PIX setup question

Tim Cantin tcantin at wellesley.edu
Tue Apr 12 17:54:34 UTC 2005


Background:

I have two class B networks separated by a firewall. One network is public
(149.130/16) and the other is private (172.17/16). There's a pair of bind8
named's running on the 149.130 network which have no notion of the 172.17
network. Each server on the 172.17 network has a hosts file, and for everything
else they use the dns servers on the 149.130 network as their primary dns. (The
nsswitch.conf has hosts,dns for name resolution.)

Plans:

We're switching to a Cisco PIX firewall, and introducing the use of the Cisco
vpn client. Soon clients on the 149.130 network will connect via vpn to use
services in the 172.17 network, and thereby get a 172.17.x.x address for the
vpn adapter. 

Problem:

The PIX needs to tell the vpn clients a dns server to use which resolves to
172.17 addresses where appropriate. I don't want to create a copy of our
existing dns servers behind the firewall, and keep both locations up-to-date.
Both networks think they are wellesley.edu (maybe that's my problem).

Any ideas? I've tried about 6 or 8 theories, but I didn't want to cloud my
initial posting explaining them (and their failures) -- but I gladly will if
you're interested.

Thanks in advance for any help!

-Tim
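The split-horizon setup this question describes is usually handled in BIND 9 with views, which BIND 8 does not have. The following named.conf fragment is an added illustration, not the poster's configuration; the directory and zone file paths, and the policy of restricting recursion, are assumptions.

```conf
// Added illustration, not from the original post. Assumes BIND 9 or later:
// views were introduced in BIND 9 and do not exist in BIND 8.
// Both prefixes come from the question; everything else is assumed.
acl "private-net" { 172.17.0.0/16; };   // servers plus VPN adapters
acl "campus-net"  { 149.130.0.0/16; };  // public campus network

options {
    directory "/var/named";             // assumed path
    allow-query { any; };
};

// Queries arriving from a 172.17 source address (including a VPN client's
// tunnel address) get the private data. Views are matched by source IP,
// so the VPN client's queries must actually travel through the tunnel.
view "internal" {
    match-clients { "private-net"; localhost; };
    recursion yes;
    zone "wellesley.edu" {
        type master;
        file "internal/wellesley.edu.zone";   // assumed: holds the 172.17 records
    };
};

// Everyone else sees only the public data, so 172.17 addresses are never
// disclosed outside the private network. Recursion stays available to
// campus hosts but not to the wider Internet (assumed policy).
view "external" {
    match-clients { any; };
    recursion yes;
    allow-recursion { "campus-net"; localhost; };
    zone "wellesley.edu" {
        type master;
        file "external/wellesley.edu.zone";   // assumed: only 149.130 records
    };
};
```

The PIX would hand VPN clients the address of a server running this configuration, and the internal zone file still has to be maintained alongside the external one, which is the duplication concern raised in the question.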
