bind secure architecture.

Vincent Blondel vincent at xtra-net.org
Fri Aug 19 07:39:57 UTC 2005


Hi,

We are currently using Bind on one FreeBSD 4.10 server. This server is directly used by internal users and internet clients.

We decided recently to set up a real DMZ in our IT architecture. This is now done and we are already using an http proxy. It is now time to consider a completely new architecture for our Bind server.

So I looked on the net for a completely secure and split (internal, external) architecture and have found that we could mix the following features:

- internal root
- split architecture could be done by the "VIEW" feature in BIND 9.x

With such an architecture, we could completely configure all internal servers and subdomains for internal services and set up another configuration (usual www, smtp, dns) for specific external services.
This configuration also implies that the internal root server has to forward the request on the net (via our dmz gateway BIND Server) for all domains we are not serving as SOA (example google.com).

... and this is my specific problem, I cannot imagine how I can configure this.

So can somebody explain to me how I can do it and/or possibly give me an example configuration?

Regards
Vincent.
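
One way to lay out the two servers described in the message above, as an added example that is not part of the original post or of the BIND distribution: the internal server answers its own zones and forwards everything else to the DMZ server, which uses views to recurse for that one host only. It uses plain forwarding in place of an internal root zone; every address, zone name and file path here is an assumed placeholder.

```conf
// ---- named.conf on the INTERNAL server (assumed address 10.0.0.53) ----
acl "inside" { 127.0.0.1; 10.0.0.0/8; };     // assumed internal address range

options {
    directory "/etc/namedb";                 // assumed path
    allow-query     { "inside"; };
    allow-recursion { "inside"; };
    allow-transfer  { none; };
    forward only;                            // never contact the Internet directly
    forwarders { 192.0.2.53; };              // assumed DMZ BIND server
};

// Answered locally, never forwarded (assumed internal zone name).
zone "corp.example.com" { type master; file "internal/corp.example.com.db"; };

// ---- named.conf on the DMZ server (assumed address 192.0.2.53) ----
// Must be the source address the DMZ server actually sees for the
// internal server (the translated address if the gateway does NAT).
acl "internal-resolver" { 10.0.0.53; };

options {
    directory "/etc/namedb";
    allow-transfer { none; };
};

// The first matching view wins, so the restricted view comes first.
view "from-inside" {
    match-clients { "internal-resolver"; };
    recursion yes;                           // resolves google.com etc. for the inside
    zone "." { type hint; file "named.root"; };
    zone "example.com" { type master; file "external/example.com.db"; };
};

view "external" {
    match-clients { any; };
    recursion no;                            // authoritative answers only
    zone "example.com" { type master; file "external/example.com.db"; };
};
```

Each file can be syntax-checked with `named-checkconf` before the server is reloaded.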


