Hello again,
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 19, 2000 6:34 PM
> To: Noonan, Wesley; '"Marx, Jörg"'; Noonan, Wesley;
> [EMAIL PROTECTED]
> Subject: RE: Ports for DNS
>
>
> Many companies use the same DNS servers for both their internal network and
> their Internet side of the network. This is a bad idea because it exposes
> the structure of their internal network to intruders.
That's true. But think of the "poor man's" solution described
in 'DNS and BIND' by Albitz/Liu:
two zones on one named: the delegated one, which can be asked by
everybody but won't do recursion, and the recursive and caching
one for only the internal hosts.
Better than nothing but I agree, your solution is my favourite
too.
But to come to the initial question: a good place to host a
secondary for a delegated zone is in most cases your upstream ISP.
Take a look at 'the' DNS book, IMHO it's by far the best reading
about DNS besides the rare postings of DJB :-)
cu
J"org.
--
Joerg Marx
secunet
Security Networks AG Tel./Fax: +49 351 43959 40
Ammonstraße 72 E-Mail: [EMAIL PROTECTED]
01067 Dresden
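
The single-server setup described in the reply above could look like this in named.conf. This is an added example, not taken from the original message or from 'DNS and BIND'; the zone name example.com, the internal range 192.168.0.0/16 and the ISP secondary at 198.51.100.53 are constructed placeholders.

```conf
// Added example: one named serving a delegated zone to everybody
// while recursing and caching for internal hosts only.
// All names and addresses below are constructed placeholders.

acl "internal" {
    127.0.0.1;
    192.168.0.0/16;        // assumed internal address range
};

options {
    directory "/var/named";

    // Recursion and caching stay on, but only for internal clients.
    recursion yes;
    allow-recursion { "internal"; };

    // Default for anything not overridden per zone: internal only.
    allow-query { "internal"; };

    // No zone transfers unless a zone explicitly permits them.
    allow-transfer { none; };
};

// The delegated zone: anyone may query it, nobody outside gets recursion.
zone "example.com" {
    type master;
    file "db.example.com";
    allow-query { any; };

    // Only the secondary hosted at the upstream ISP may pull the zone.
    allow-transfer { 198.51.100.53; };
};
```

This restricts who can use the server as a resolver and who can transfer the zone; any internal host names placed in the public zone remain visible to outside queries, which is the concern raised in the quoted message.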