Views vs. firewall for simple usage?

Ronni Jensen roj at
Thu Jun 8 13:05:09 UTC 2006


I have a little issue that I hope you can help enlighten me on:

Our DNS setup:
1 master (on same LAN as slaves)
2 slaves (with public IPs NAT'ed through our firewall to their local IP.
Customers use these as pri/sec dns servers)

The only purpose of this setup is to be authoritative for zones hosted
by our company, and enable our customers to use the slaves for both
authoritative and recursive queries.

As I see it, there is no point in the headache of working with
internal and external views in BIND, since it is only our customers on a
AAA.BBB/20 network that are supposed to query the servers.

Could I just configure BIND with "recursion yes;" (default) and then
prohibit the access in our firewall to only OUR customers, by allowing
only AAA.BBB/20 to access ns1 and ns2 on port 53, and deny all other

Are there any security risks or other issues in this? I can't see any,
since only our customers on AAA.BBB/20 are able to query the servers.

With kind regards,
