On Fri, 2005-09-23 at 22:08 -0600, Mitch Anderson wrote:
> For our DNS setup... I use a mix of split-horizon and a hidden master
> DNS server. For security reasons I don't have the master name server
> visible externally (sits on its own network off the core network). As an
> example, I have a name server (we'll call it ns.domain.com). This is
> the master name server and also is a split-horizon name server, set up to
> allow all internal clients to see the "internal" view of my zones. I
> have two external DNS servers (ns1 and ns2 .domain.com), that are set up
> as slaves for my external views of my zones in our DMZ. I also have one
> other internal DNS server (in-ns3.domain.com) that is a slave for the
> internal zones. It makes management of zone data a breeze because I
> only ever have to go to one server to make any updates or changes. With
> the added security of no one externally allowed access to my master name
> server... any exploits to DNS will be overwritten in 8 - 12 hours
> depending on the TTL of the zone. Regardless of me knowing about it or not.
>
> This setup could be easily achieved with Bind9 or djbdns.

Nice. I'll have to look into implementing such a system. Thanks for the
information. That is indeed a great way of managing it.

>
> Mitch
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */

--
Michael Torrie <[EMAIL PROTECTED]>
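
Added example, not part of the original thread or either poster's configuration: a BIND 9 named.conf sketch for the hidden master described in the quoted message, with one view per audience and zone transfers limited to the named slaves. All addresses, ACL names and file paths are constructed placeholders.

```bind
// Hidden master (ns.domain.com): serves both views, is not listed in the
// external zone's NS records, and hands zones only to its own slaves.
// Addresses, ACL names and file paths are constructed placeholders.
acl "ext-slaves"    { 192.0.2.53; 192.0.2.54; };  // ns1, ns2 in the DMZ
acl "int-slaves"    { 10.0.0.53; };                // in-ns3
acl "internal-nets" { 10.0.0.0/8; };

options {
    directory "/var/named";
    allow-transfer { none; };   // default deny; opened per zone below
};

view "internal" {
    // Exclude the DMZ slaves first so their transfer requests can never
    // match this view and pull internal records into the DMZ.
    match-clients { !ext-slaves; internal-nets; };
    recursion yes;
    zone "domain.com" {
        type master;
        file "internal/domain.com.zone";
        allow-transfer { int-slaves; };
        notify explicit;            // notify only the hosts listed here
        also-notify { 10.0.0.53; };
    };
};

view "external" {
    // The master is not reachable from outside, so the only clients that
    // should ever see this view are the two DMZ slaves.
    match-clients { ext-slaves; };
    recursion no;
    zone "domain.com" {
        type master;
        file "external/domain.com.zone";  // NS records: ns1 and ns2 only
        allow-transfer { ext-slaves; };
        notify explicit;
        also-notify { 192.0.2.53; 192.0.2.54; };
    };
};
```

On ns1, ns2 and in-ns3 the same zone is declared with `type slave;` and a `masters { ...; };` list pointing at the hidden master's address. `named-checkconf` validates the syntax before a reload.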
