[ale] DNS Questions

Cordell, Ron ron.cordell at sipstorm.com
Thu Nov 18 10:15:36 EST 2004


Jerald,

Can you recommend a source for learning more about configuring a split
DNS and other issues like that? 

Thanks for the response -

-ronc 

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
Jerald Sheets
Sent: Thursday, November 18, 2004 9:44 AM
To: 'Atlanta Linux Enthusiasts'
Subject: RE: [ale] DNS Questions

You may already be in luck.

FC2 came with BIND in a chroot jail already preconfigured. I haven't
looked, but I think FC3 has followed suit.

What you're probably looking for is what is called a "split DNS"
configuration where your DMZ DNS server(s) are outward
resolving/looking, and your internal is inward only.

Having said that, keep in mind that you can still refer to www.blah.com
from inside your private network, and if configured correctly, your
router will route to the appropriate box, regardless of private
interface.

I have a nat box doing translation to my internal systems (all of which
have private IP's), but I refer to them all by their public names.  The
NAT box sends my requests to the appropriate internal machines.  I just
keep up with their public IP designations on the DNS boxes (2) and
everything works without having to fiddle with the private IP space.

--Jerald


> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of 
> Cordell, Ron
> Sent: Thursday, November 18, 2004 9:32 AM
> To: ale at ale.org
> Subject: [ale] DNS Questions
> 
> Hi everyone,
> 
> I'm new to the list, but not necessarily to the group :)
> 
> I have a couple of DNS questions I was hoping people could help me out
> with.
> 
> The first question is network topology and where to deploy DNS 
> servers.
> Let's say I have a segmented network, with a DMZ in front of a 
> firewall, and then two or three separate networks behind the firewall.
> I need to set up DNS so that all these servers can resolve their 
> private, "internal" names, but also so that the machines in the DMZ 
> can use the DNS. Seems like I need a DNS primary/secondary pair in the
> DMZ, and also another DNS in each network segment behind the firewall.
> Can anyone steer me to a good place to get a good understanding of how
> I should set this sort of thing up?
> 
> The second question is about how to secure bind. We are using Fedora 
> Core 3. I've been reading that bind should be in a chroot jail. This 
> sounds like a pretty good practice. What other suggestions do people 
> have for securing bind?
> 
> Thanks in advance for pointing me in the right direction.
> 
> Ron Cordell
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
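
Added example (not part of the original thread and not either poster's configuration): one common way to lay out the split DNS described above in BIND 9, with an authoritative-only server in the DMZ and a separate internal server that answers and recurses only for internal clients. The zone names, file names and addresses are placeholders assumed for illustration.

```conf
// ---- named.conf on the DMZ (public-facing) server: constructed example ----
// Assumptions: 192.0.2.54 is the DMZ secondary, example.com stands in
// for the public zone.
options {
    directory "/var/named";
    recursion no;                       // authoritative only, never resolves for others
    allow-query { any; };               // anyone may ask about the public zone
    allow-transfer { 192.0.2.54; };     // zone transfers to the secondary only
    version "not disclosed";            // do not advertise the BIND version
};

zone "example.com" {
    type master;
    file "db.example.com.public";       // public records only
};

// ---- named.conf on an internal server behind the firewall: constructed example ----
// Assumptions: 10.0.0.0/8 covers the internal segments, corp.example.com
// stands in for the private zone.
acl "internal" { 127.0.0.1; 10.0.0.0/8; };

options {
    directory "/var/named";
    allow-query     { internal; };      // refuses queries from outside the ACL
    allow-recursion { internal; };      // resolves Internet names for internal clients only
    allow-transfer  { none; };          // no zone transfers of private data
    version "not disclosed";
};

zone "corp.example.com" {
    type master;
    file "db.corp.example.com";         // private names and private addresses
};
```

Each file can be syntax-checked with named-checkconf before named is reloaded.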
