Great Circle Associates Firewalls
(December 1996)
 


Subject: DNS Proxy and Internal Root Name Server
From: "R. McMahon" <mcmr @ mailhost . net>
Date: Tue, 31 Dec 1996 16:59:57 -0500
To: firewalls @ GreatCircle . COM

Background:
I am looking at setting up a DNS proxy using "forwarders" and "slave"
lines in my /etc/named.boot file as described in the "Building
Firewalls" and "DNS and BIND" books by O'Reilly.  However, I want to do
this where I can maintain an internal Root name server.  For resolution
of domain names outside the internal top-level domains, I would like the
proxy name server (which will have an "external" domain name) to be the
only name server queried by the internal root name server and having
this proxy be the only host to query external name servers.  (I would
set up UDP port 53 filtering on the router.)  

Problem:
One problem I thought of concerns the mitigation between the internal
root name server and the forwarders/slave lines.  If a subordinate
domain name server queries the root name server for an "outside" domain,
how would it know to forward the query to the proxy (being that it is an
internal root name server)?  I could have my subordinate top-level
domain name servers query the proxy directly by putting a forwarders line
in its /etc/named.boot; however, this would bypass the internal root
structure.  It seems to be straightforward w/o an internal root name
server; however, I need to maintain these root name servers.  Can anyone
help?

Thanks,

rwm
