[ale] DNS Questions

Jerald Sheets jsheets at yahoo.com
Thu Nov 18 10:26:07 EST 2004


Certainly.

By far, my favorite book on DNS is "Linux DNS Server Administration" by
Craig Hunt.  It's part of Sybex's Craig Hunt Linux library, and is about 40
bucks.

http://www.amazon.com/exec/obidos/tg/detail/-/0782127363/qid=1100791394/sr=1-1/ref=sr_1_1/103-9514209-1397418?v=glance&s=books

Also, you should have the O'Reilly in your toolkit:

http://www.amazon.com/exec/obidos/tg/detail/-/0596001584/ref=pd_sim_b_4/103-9514209-1397418?%5Fencoding=UTF8&v=glance

Those are by far the definitive works on the subject, the first one being
much easier to read.

Jerald M. Sheets jr.
Sr. UNIX Systems Administrator
Datatrac, Inc
770.552.3866 x2494 
*****************
> su -
Password:
# cat /dev/flood > /dev/earth
# rdev noah+beasts
# dd if=noah+beasts of=/dev/earth

  

> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> Cordell, Ron
> Sent: Thursday, November 18, 2004 10:14 AM
> To: Atlanta Linux Enthusiasts
> Subject: RE: [ale] DNS Questions
> 
> Jerald,
> 
> Can you recommend a source for learning more about configuring a split
> DNS and other issues like that? 
> 
> Thanks for the response -
> 
> -ronc 
> 
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> Jerald Sheets
> Sent: Thursday, November 18, 2004 9:44 AM
> To: 'Atlanta Linux Enthusiasts'
> Subject: RE: [ale] DNS Questions
> 
> You may already be in luck.
> 
> FC2 came with BIND in a chroot jail already preconfigured.   I haven't
> looked, but I think FC3 has followed suit.
> 
> What you're probably looking for is what is called a "split DNS"
> configuration where your DMZ DNS server(s) are outward
> resolving/looking, and your internal is inward only.
> 
> Having said that, keep in mind that you can still refer to www.blah.com
> from inside your private network, and if configured correctly, your
> router will route to the appropriate box, regardless of private
> interface.
> 
> I have a NAT box doing translation to my internal systems (all of which
> have private IPs), but I refer to them all by their public names.  The
> NAT box sends my requests to the appropriate internal machines.  I just
> keep up with their public IP designations on the DNS boxes (2) and
> everything works without having to fiddle with the private IP space.
> 
> --Jerald
> 
> 
> > -----Original Message-----
> > From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of 
> > Cordell, Ron
> > Sent: Thursday, November 18, 2004 9:32 AM
> > To: ale at ale.org
> > Subject: [ale] DNS Questions
> > 
> > Hi everyone,
> > 
> > I'm new to the list, but not necessarily to the group :)
> > 
> > I have a couple of DNS questions I was hoping people could help me out
> > with.
> > 
> > The first question is network topology and where to deploy DNS
> > servers.
> > Let's say I have a segmented network, with a DMZ in front of a
> > firewall, and then two or three separate networks behind the firewall.
> > I need to set up DNS so that all these servers can resolve their
> > private, "internal" names, but also so that the machines in the DMZ
> > can use the DNS. Seems like I need a DNS primary/secondary pair in the
> > DMZ, and also another DNS in each network segment behind the firewall.
> > Can anyone steer me to a good place to get a good understanding of how
> > I should set this sort of thing up?
> > 
> > The second question is about how to secure bind. We are using Fedora
> > Core 3. I've been reading that bind should be in a chroot jail. This
> > sounds like a pretty good practice. What other suggestions do people
> > have for securing bind?
> > 
> > Thanks in advance for pointing me in the right direction.
> > 
> > Ron Cordell
> > 
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale



More information about the Ale mailing list
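
The split-DNS layout discussed in the thread (an outward-facing primary/secondary pair in the DMZ, an inward-only server behind the firewall), sketched as BIND 9 configuration. This is an added example, not configuration posted by anyone in the thread; the zone names, addresses, ACL names and file paths are constructed placeholders.

```conf
# Constructed example: names, addresses and paths are placeholders.

# ---- DMZ name server (primary of the pair), its own named.conf ----
acl "dmz-secondary" { 192.0.2.54; };     // the secondary in the DMZ

options {
    directory "/var/named";
    recursion no;                        // authoritative only, resolves nothing for others
    allow-query    { any; };             // the public zone is meant to be public
    allow-transfer { "dmz-secondary"; }; // full zone copies go only to the secondary
    version "not disclosed";             // hide the BIND version string
};

zone "example.com" {
    type master;
    file "db.example.com.public";        // public records only, no private names
};

# ---- Internal name server (behind the firewall), a separate named.conf ----
acl "inside" { 127.0.0.1; 10.0.0.0/8; }; // the private network segments

options {
    directory "/var/named";
    allow-query     { "inside"; };       // queries from anywhere else are refused
    allow-recursion { "inside"; };       // recursion only for internal clients
    allow-transfer  { none; };           // no zone transfers at all
    version "not disclosed";
};

zone "corp.example.com" {
    type master;
    file "db.corp.example.com";          // private "internal" names live here only
};
```

Each half belongs in its own server's configuration file and can be syntax-checked with `named-checkconf` before named is reloaded.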