I don't think he necessarily needs four. I think it can be done with 2. The way Graham
suggested works.

-----Original Message-----
From:   Edward Marczak [SMTP:[EMAIL PROTECTED]]
Sent:   Monday, November 29, 1999 9:54 PM
To:     [EMAIL PROTECTED]
Subject:        Re: Semi-OT:  DHCP and DNS questions 

> DNS:
> 
> Currently we are using NAT with a firewall, and our internal network is
> 159.139.0.0 (which we don't own - the previous net admin just picked them
> out of a hat, and yes I am planning on replacing them with RFC1918
> addresses..) and we would like to set up our own DNS servers to resolve to
> some internal hosts, as well as provide name resolution for FQDN's out on
> the internet - sort of a mix of an internal DNS and an external DNS all in
> one "box".  Would I have to have 2 separate boxes?  I also don't want our
> "internal" hosts FQDN's propagated outside of our network.  Any suggestions,
> tips, etc?

Actually, you want 4 DNS boxes.  Two inside your firewall (master and slave)
and two outside of your firewall (master and slave).  The two on the outside
will sit right on the Internet, or in a DMZ.  Those will have the smaller,
subset of DNS data - just the hosts that you want the general public to know
about, or those that they need to know about (like the machine in an MX
record).  Keep security in mind with these (e.g. - no telnet, etc.)

The two inside should not be accessible from the outside and can contain
every host on your internal net.

Of course, your firewall has to allow the two internal DNS servers to make
external (root) requests.

This advice makes some assumptions, so ask away if it needs refining.
-- 
Ed Marczak, The New York Media Group, Inc.
[EMAIL PROTECTED]




-- 
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
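
An added example, not part of the original thread: a check that the zone data loaded on the outside DNS servers holds only public hosts, as the reply above recommends. It flags A records that point into RFC 1918 space or the poster's 159.139.0.0 net; the /16 mask, the function names and the sample zone are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges, plus the poster's current internal net.
# The /16 prefix for 159.139.0.0 is an assumption; the post gives no mask.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "159.139.0.0/16")]

def a_records(zone_text):
    """Yield (owner, address) for each A record in simplified zone-file text."""
    # Handles ';' comments, optional TTL/class fields and a blank owner field
    # (inherits the previous owner). $-directives are skipped and multi-line
    # records are not supported; this is not a full RFC 1035 parser.
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if not raw[0].isspace():
            owner = fields.pop(0)
        # Drop the optional TTL and class that precede the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) >= 2 and fields[0].upper() == "A":
            yield owner, fields[1]

def leaked_internal_hosts(zone_text, internal_nets=INTERNAL_NETS):
    """Return A records in the external zone that point into internal space."""
    leaks = []
    for owner, addr in a_records(zone_text):
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in internal_nets):
            leaks.append((owner, addr))
    return leaks

# Constructed sample of an external zone; names and addresses are made up.
EXTERNAL_ZONE = """\
$TTL 86400
@        IN  MX 10 mail.example.com.
www      IN  A  192.0.2.10
mail     3600 IN A 192.0.2.25
         IN  A  192.0.2.26
payroll  IN  A  159.139.4.17   ; internal host copied over by mistake
devbox   IN  A  10.1.2.3
"""

if __name__ == "__main__":
    for owner, addr in leaked_internal_hosts(EXTERNAL_ZONE):
        print(f"internal address published externally: {owner} -> {addr}")
```

Run it against the external master's zone file before each reload; an empty result means no internal address is being published.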

