Bind behind a DMZ?

Vincent Yonemitsu vince at soilengineersltd.com
Mon Jan 7 21:17:42 UTC 2008


Hi,
I have BIND 9 set up behind a firewall that is running a static NAT (IP - IP), not port forwarding; a normal internal network / DMZ type setup.

It doesn't seem to be working. Is this kind of thing OK to do with BIND? I have done it before with other DNS servers, but this is the first time I have used BIND. I want it to be authoritative for our domain on the internet, and allow for queries from our internal network. I am able to resolve against it from our internal network but I am unable to retrieve the domain queries from outside of the domain.

Any tips would be appreciated.

Thanks.


-- 

Vincent Yonemitsu
Information Technology and Infrastructure Manager
vincentyonemitsu at soilengineersltd.com
Tel. (416) 754-8515 x 270

100 Nugget Avenue
Toronto, Ontario M1S 3A7
Toll Free Tel. (800) 268-5624 x 270
Fax: (416) 754-8516


> 
> Greetings,
> Since available, I have been using the allow-recursion clause to limit
> recursive queries as appropriate for needs.
>
> However, after moving to 9.42 this option no longer works as anticipated.
> Working (previously) example:
>
> acl "trusted" { array; of; IP; addresses; and; or; netblocks; };
>
> options {
> ...
> allow-query { trusted; };
> allow-recursion { trusted; };
> ...
> };
>
> But the log indicates that the recursion clause is not being honored
> eg;
> client tr.us.ed.ip#36344: recursion not available
>
> Can anyone shed some light on why this is happening?
>
> Thank you for all your time and consideration in this matter.
>
> Chris




