brent@GreatCircle.COM <Brent Chapman> wrote:
> Setting up multiple DNS servers is not difficult. You set up the
> gateway machine to have a DNS server that only knows what you want the
> outside world to know. You set up another DNS server on an internal
> machine that knows about all your hosts and forwards non-local queries
> to the gateway DNS server (via a "forwarders" line in the
> /etc/named.boot file). You rig all DNS clients (via their
> /etc/resolv.conf files), PARTICULARLY including those on the gateway
> host, to talk to the internal server. If a client (even on the
> gateway) asks a question about an internal machine, it gets the answer
> from the internal server. If a client (internal or gateway) asks
> about an external machine, the internal server forwards the query to
> the gateway server, then forwards the response back to the client. If
> somebody out on the Internet asks something, however, they can only
> get back what the gateway server knows (which isn't much).
- Will this work if the gateway server is a dual homed host configured
not to forward packets (IPFORWARDING=-1)? [I can't see why not, but I
thought I'd check.]
- I like the setup above, but suppose that I don't have the resources
to set up the internal DNS server immediately. Can I set things up so
that internal hosts can get/send mail from/to the gateway, and still
not reveal the internal hosts when the gateway is queried from the
Internet?
Thanks
gjkriger@gjk.ocunix.on.ca (George J. Kriger)
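The split-DNS layout Brent describes, written out as an added example (not posted by either author) in the BIND 4 named.boot syntax the thread refers to. Every host name and address below is a constructed placeholder. The point worth seeing in the files is that the internal server's forwarding is done by named itself, over an ordinary DNS connection to the gateway's inside interface, so it does not depend on the gateway forwarding IP packets; what it does depend on is the internal server never trying to reach the root servers directly, which is what the forward-only setting enforces.

```conf
; --- gateway host: /etc/named.boot (constructed example) ---
; Authoritative only for the "outside" view of the domain. The public
; zone file lists the gateway and the MX record, nothing internal.
directory   /etc/namedb
primary     example.com             example.com.public    ; public hosts only
cache       .                       root.cache            ; root hints, used to resolve outside names

; --- internal host: /etc/named.boot (constructed example) ---
; Holds the complete internal zone and sends every non-local query to
; the gateway's INSIDE address rather than out to the Internet.
directory   /etc/namedb
primary     example.com             example.com.internal  ; all internal hosts
primary     0.168.192.in-addr.arpa  192.168.0.rev         ; internal reverse zone
cache       .                       root.cache            ; hints; not consulted while forward-only
forwarders  192.168.0.1                                   ; gateway's inside interface (placeholder)
options     forward-only                                  ; BIND 4.9 keyword; BIND 4.8.x uses the "slave" directive instead

; --- every client, the gateway host included: /etc/resolv.conf (constructed) ---
domain      example.com
nameserver  192.168.0.2                                   ; the internal server, never the gateway's named
```

Without `forward-only` (or `slave` on older BIND 4), named treats the forwarders list as a first try and falls back to the root servers when the forwarders do not answer, which a non-forwarding dual-homed gateway silently blocks; with it, every off-site lookup is forced through the gateway's named. A query from an outside host against the gateway's address for an internal name should come back with nothing beyond the public zone; checking that from outside is the quickest way to confirm the internal view is not leaking.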