If you are looking for the home of the DNS server authoritative for your
external web server, it should go in the DMZ, it should contain information
ONLY for your DMZ, I.E. your dns record for your web and mail servers,
you'll probably have a forwarding record pointing to a root DNS server.
If you want your web server to access machines inside your private network,
you could set up a forward record to have DNS look to your internal private
DNS server. I wouldn't do this, but if you do, make sure the TTL is VERY
short, or set DNS up not to cache that domain.
And make sure your rules on your firewall are tight! You may also want to
add a screening router between your firewall and internal network as an
added layer of protection.
-----Original Message-----
From: Tally [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 23, 1999 7:52 PM
To: [EMAIL PROTECTED]
Subject: DNS ..where to put..DMZ or ...
This question has been asked n number of times on
this list. but after searching through the archives
it has confused us more as there are numerous
threads and its difficult to follow multiple
threads
I N T E R N E T
|
Firewall---Webserver(aka dmz)
|
Internal Network
A typical set up. The internal network has its own
"internal" DNS but the hosts have 10.x.x.x
addresses.
now the question. where do I place the DNS server.
what if I place it on the same host as Webserver on
the DMZ. This DNS server would be the name server
for the domain hosted by the firewall... correct..
?
and next , is there a way so that sitting on the
web server one could access hosts in the internal
network by name... how can this be achieved... ?
this is the hard part.
thanks and please email me
tally
__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
