bind on DMZ

Joseph S D Yao jsdy at center.osis.gov
Fri Dec 23 23:53:32 UTC 2005


On Fri, Dec 23, 2005 at 11:45:26AM -0900, Damien Hull wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> This helps.
> 
> I just wasn't sure if a DNS server has to have a public IP or not. This
> DNS server is going to be master for a .com domain.

A DNS server only has to have a public IP address if people on the
public Internet are going to be querying it.  This can be taken care of
by:
	- your "firewall"/router NATting a fixed public IP address to
	  the internal private IP address of the name server
	- the external view of the domain giving the external, public
	  IP address of the name server, rather than the internal,
	  private IP address
	- the internal view of the domain giving the internal, private
	  IP address of the name server.

Nothing with a private (RFC 1918) IP address is directly addressable as
such on the public Internet.  (As a rule, there are exceptions but
shouldn't be.)

> I've never heard of "views". I'll have to look into that.

DNS and BIND, 4th ed., Albitz & Liu, 2001, O'Reilly & Assoc., pp. 270ff.
and some other documentation in the source code package.  More on the
Web.

-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
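
The split described in the message above, sketched as a BIND 9 named.conf fragment. This is an added example, not part of the original message. The zone name, file paths and addresses are all assumptions: example.com stands in for the .com domain, 10.0.0.53 is the name server's private address, and 192.0.2.53 is the fixed public address the firewall NATs to it.

```conf
// named.conf fragment (BIND 9). Every name, path and address here is
// constructed for illustration:
//   example.com   the zone this server is master for
//   10.0.0.53     private (RFC 1918) address of the name server
//   192.0.2.53    fixed public address the firewall NATs to 10.0.0.53

acl "inside" {
    127.0.0.0/8;
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;
};

options {
    directory "/var/named";    // assumed location of the zone files
};

// Views are tried in the order written; the first whose match-clients
// list contains the query's source address answers the query.
// Once any view is defined, every zone must live inside a view.

view "internal" {
    match-clients { "inside"; };
    recursion yes;             // internal hosts may use this server to resolve
    zone "example.com" {
        type master;
        file "internal/example.com.db";
        // zone file gives the private address:  ns1  IN  A  10.0.0.53
    };
};

view "external" {
    match-clients { any; };    // everything that did not match "inside"
    recursion no;              // authoritative answers only for the Internet
    zone "example.com" {
        type master;
        file "external/example.com.db";
        // zone file gives the public address:   ns1  IN  A  192.0.2.53
    };
};
```

The view match is made on the source address the name server sees, so the firewall should translate only the destination of inbound queries. If it also rewrites their source to a private address, Internet clients fall into the "internal" view and receive the private records and recursion.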


