OK.

MJR's theory on Split-DNS is not outdated and is very applicable.  The 
nuances of BIND may be different than originally written.

Refer to DNS & BIND, 3rd edition, or Building Internet Firewalls, 2nd edition.

1. Internal DNS - should list external MX record, and a forwarders statement.
2. External DNS - assume an ISP is handling external name resolving for you 
(as in authoritative). Usually in the case of split-DNS, at least 4 or 5 
records are known to the public (i.e. www, ftp, mx, dns, something else).

The internal DNS should be maintained in some sort of application (BIND, 
MetaIP, etc).

I seem to recall, during my days of working on Site Patrol (Gauntlet 3.x, 
4.x in a brown paper bag), there were the following records known to the 
world
(blah-blah-companyname-bh.domainname.com, 
blah-blah-companyname-chk.domainname.com, 
www.blah-blach-companyname.domainname.com, 
ftp.blah-blah-companyname.domainname.com, 
mail.blah-blah-companyname.domainname.com).

/mark

At 08:49 PM 8/10/00 +0200, mouss wrote:
>At 10:46 10/08/00 -0700, Mark Teicher wrote:
>>Please refer to
>>
>>http://pubweb.nfr.net/~mjr/pubs/dns/index.htm
>>
>>Stop your quibbling :)
>
>
>With all the respect to mjr, the knowledge of whom will never expire,
>the cited document seems outdated to me.
>Also, patching resolver code is something that I'll do only under torture.
>
>so, let me quibble too!
>one has
>1- internal hosts, with both a public and a private address
>2- external hosts, with only one corresponding public address
>
>for case 1, I see no problem in maintaining two databases. so, one
>uses the public addresses on the public DNS, and the private ones
>on the private one.
>
>for case 2, the problem is that of coherence. if one adds a new host or
>modifies the address of an existing one, it is necessary to update both
>databases. But then again, I see no problem.
>
>If you feel really lazy about that, write all the information in a single 
>file, and
>use a script to generate both databases.
>
>...or am I missing something?
>
>
>mouss
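
The single-file approach suggested at the end of the quoted message, sketched as an added example that is not part of the original thread: one inventory produces both the internal and the external record sets, and generation fails if an RFC 1918 address would reach the public side. The host labels, addresses (192.0.2.0/24 is the documentation range), the three-column inventory layout and the choice to list the MX record in both views are all assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges that must never appear in the public zone.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: (label, private address or None, public address or None).
# Case 1 hosts have both addresses; case 2 hosts have only a public one.
INVENTORY = [
    ("www",     "10.1.1.10", "192.0.2.10"),
    ("ftp",     "10.1.1.11", "192.0.2.11"),
    ("mail",    "10.1.1.12", "192.0.2.12"),
    ("hr-db",   "10.1.2.20", None),          # internal only, never published
    ("partner", None,        "192.0.2.50"),  # case 2: public address only
]
MX = (10, "mail")  # assumption: the same MX record is listed in both views


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def build_views(inventory, mx):
    """Return (internal, external) lists of zone-file record lines."""
    mx_line = f"@ IN MX {mx[0]} {mx[1]}"
    internal, external = [mx_line], [mx_line]
    for label, private, public in inventory:
        if public is not None:
            if is_rfc1918(public):
                raise ValueError(f"{label}: private address {public} in public column")
            external.append(f"{label} IN A {public}")
        # Internal clients get the private address when one exists,
        # otherwise the single public address (case 2).
        inside = private if private is not None else public
        if inside is not None:
            internal.append(f"{label} IN A {inside}")
    # The MX target must resolve in both views or mail breaks for one side.
    for view_name, view in (("internal", internal), ("external", external)):
        if not any(line.startswith(f"{mx[1]} IN A ") for line in view):
            raise ValueError(f"MX target {mx[1]} has no A record in {view_name} view")
    return internal, external


if __name__ == "__main__":
    inside, outside = build_views(INVENTORY, MX)
    print("; internal view\n" + "\n".join(inside))
    print("; external view\n" + "\n".join(outside))
```

The two lists are record lines only; SOA and NS records and the serial bump are left to whatever already maintains each zone file.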
