bind on DMZ
Joseph S D Yao
jsdy at center.osis.gov
Fri Dec 23 23:53:32 UTC 2005
On Fri, Dec 23, 2005 at 11:45:26AM -0900, Damien Hull wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This helps.
>
> I just wasn't sure if a DNS server has to have a public IP or not. This
> DNS server is going to be master for a .com domain.
A DNS server only has to have a public IP address if people on the
public Internet are going to be querying it. This can be taken care of
by:
- your "firewall"/router NATting a fixed public IP address to
the internal private IP address of the name server
- the external view of the domain giving the external, public
IP address of the name server, rather than the internal,
private IP address
- the internal view of the domain giving the internal, private
IP address of the name server.
Nothing with a private (RFC 1918) IP address is directly addressable as
such on the public Internet. (As a rule, there are exceptions but
shouldn't be.)
> I've never herd of "views". I'll have to look into that.
DNS and BIND, 4th ed., Albitz & Liu, 2001, O'Reilly & Assoc., pp. 270ff.
and some other documentaiton in the source code package. More on the
Web.
--
Joe Yao
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
More information about the bind-users
mailing list