A point of clarification, all the DNS machines I mentioned contain only
the internet visable hosts, they do not contain the internal machine info.
David Lang
On Wed, 8 Sep 1999, Daemeon Reiydelle wrote:
> Date: Wed, 08 Sep 1999 22:41:54 -0700
> From: Daemeon Reiydelle <[EMAIL PROTECTED]>
> To: David Lang <[EMAIL PROTECTED]>
> Cc: Firewalls <[EMAIL PROTECTED]>
> Subject: Re: DNS
>
> Some folks did this on the theory that (a) getting the DNS entry for an
> internal box was not a big deal and (b) it avoided the unfailing dns
> lookup failures that occur as multiple DNS databases get out of sync.
>
> Nowadays folks tend to have outside dns servers in various subdomains
> (e.g. for each of the suspect subnets (aka dmz's)), for the "visible to
> the internet" sacrificial hosts like mail and external web servers.
>
> In summary, you made a reasonable decision applicable to a few years ago
> that may need to be revisited as your company's internet present and
> vulnerability has grown.
>
> How's that for a justification? (and I only had two glasses of wine with
> an excellent dinner at the Solano (California) Bar and Grill ;{)
>
> David Lang wrote:
> >
> > When I setup my current DNS ~2 years ago I set it up with both the
> > "primary" and "secondary" DNS machines (as far as the internic was
> > concerned) really acting as secondaries from an internal primary. I am
> > currently be asked to defend my aratecture and cannot remember where I got
> > the idea to do this. (the basic idea being that if someone corrupts what
> > they think is my primary machine it gets cleared with the next update,
> > rather then propogating the problem to the secondary) Can anyone give me
> > comments on if this is still a good idea?
> >
> > One of the problems is that in order to update from the primary the
> > secondary machines have to talk to the inside of my network to reach the
> > real primary.
> >
> > David Lang
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
>
> --
> Daemeon Reiydelle
> Systems Engineer, Anthropomorphics Inc.
> [EMAIL PROTECTED]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
