[ale] DNS Questions

Kevin O'Neill Stoll kevinostoll at yahoo.com
Thu Nov 18 14:03:26 EST 2004


Also, I seem to remember reading in one of the tldp.org
HOWTOs on DNS - they mention split DNS and how to
configure it.

http://www.etherboy.com/dns/chrootdns.html
http://tldp.org/HOWTO/DNS-HOWTO-10.html - bottom of the
page, is where I found the link.

HTH




--- "Cordell, Ron" <ron.cordell at sipstorm.com> wrote:

> Jerald,
> 
> Can you recommend a source for learning more about configuring a split
> DNS and other issues like that?
> 
> Thanks for the response -
> 
> -ronc
> 
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> Jerald Sheets
> Sent: Thursday, November 18, 2004 9:44 AM
> To: 'Atlanta Linux Enthusiasts'
> Subject: RE: [ale] DNS Questions
> 
> You may already be in luck.
> 
> FC2 came with BIND in a chroot jail already preconfigured.  I haven't
> looked, but I think FC3 has followed suit.
> 
> What you're probably looking for is what is called a "split DNS"
> configuration where your DMZ DNS server(s) are outward
> resolving/looking, and your internal is inward only.
> 
> Having said that, keep in mind that you can still refer to www.blah.com
> from inside your private network, and if configured correctly, your
> router will route to the appropriate box, regardless of private
> interface.
> 
> I have a NAT box doing translation to my internal systems (all of which
> have private IPs), but I refer to them all by their public names.  The
> NAT box sends my requests to the appropriate internal machines.  I just
> keep up with their public IP designations on the DNS boxes (2) and
> everything works without having to fiddle with the private IP space.
> 
> --Jerald
> 
> 
> > -----Original Message-----
> > From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> > Cordell, Ron
> > Sent: Thursday, November 18, 2004 9:32 AM
> > To: ale at ale.org
> > Subject: [ale] DNS Questions
> > 
> > Hi everyone,
> > 
> > I'm new to the list, but not necessarily to the group :)
> > 
> > I have a couple of DNS questions I was hoping people could help me out
> > with.
> > 
> > The first question is network topology and where to deploy DNS
> > servers.
> > Let's say I have a segmented network, with a DMZ in front of a
> > firewall, and then two or three separate networks behind the firewall.
> > I need to set up DNS so that all these servers can resolve their
> > private, "internal" names, but also so that the machines in the DMZ
> > can use the DNS. Seems like I need a DNS primary/secondary pair in the
> > DMZ, and also another DNS in each network segment behind the firewall.
> > Can anyone steer me to a good place to get a good understanding of how
> > I should set this sort of thing up?
> > 
> > The second question is about how to secure bind. We are using Fedora
> > Core 3. I've been reading that bind should be in a chroot jail. This
> > sounds like a pretty good practice. What other suggestions do people
> > have for securing bind?
> > 
> > Thanks in advance for pointing me in the right direction.
> > 
> > Ron Cordell
> > 
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale


=====
Kevin Stoll
http://kevinstoll.com/

OpenSource Software...FREE!
Angering Bill Gates...priceless.
============================================================
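
The split described in the quoted reply, sketched as two BIND 9 named.conf fragments. This is an added example, not part of the original thread; the addresses, zone name and file names are assumptions chosen for illustration.

```conf
// ---- named.conf on the DMZ primary (public-facing, authoritative only) ----
// Assumed addresses: 192.0.2.53 = DMZ primary, 192.0.2.54 = DMZ secondary.
options {
    directory "/var/named";
    version "not disclosed";          // do not advertise the BIND version
    recursion no;                     // answer only for zones hosted here
    allow-query { any; };             // the outside world may ask about our zone
    allow-transfer { 192.0.2.54; };   // zone transfers go to the secondary only
};

zone "example.com" {
    type master;
    file "db.example.com.public";     // public names and public addresses only
};

// ---- named.conf on an internal server (behind the firewall) ----
// Assumed internal segments: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16.
// If DMZ hosts must resolve private names, add their addresses to this ACL
// and open only port 53 from the DMZ to this server on the firewall.
acl "inside" { 127.0.0.1; 10.1.0.0/16; 10.2.0.0/16; 10.3.0.0/16; };

options {
    directory "/var/named";
    version "not disclosed";
    listen-on { 127.0.0.1; 10.1.0.53; };  // bind internal interfaces only
    allow-query { "inside"; };            // refuse queries from anywhere else
    allow-recursion { "inside"; };        // assumption: inside clients resolve
                                          // outside names through this server
    allow-transfer { none; };             // private zone data never leaves
};

zone "example.com" {
    type master;
    file "db.example.com.internal";   // private names and private addresses
};
```

With this layout the public zone file never contains private addresses, and the internal server refuses both queries and zone transfers from outside the listed networks.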


		