Re: DNS Proxy and Internal Root Name Server

[Jean-Francois Zwobada <zwobada @ apogee-com . fr>]

David T. Smith wrote:
> 
>     We are looking at a solution similar to the one posted earlier where the
> order of resolution is changed in the BIND code:  instead of resolution being
> performed in the order
>    1) authoritative,
>    2) forwarded and
>    3) cached,
>  we believe that it may be useful to perform it in the order
>    1) authoritative,
>    2) cached, and
>    3) forwarded
> in the case of firewalled environments.
> 
... D*mn, I missed your message till now...

Sorry to be respond so late.

The problem with this is that the firewall will put additionnal records in its

answer, thus telling you what are the Internet root servers. If you look at the cache

before the forward option, you will ask them for information instead of the

firewall DNS daemon...

Well, to be honest, I think I have seen a #define directive dealing with the option

to disable the adjunction of additional infos, but I am not sure at all.... :o)

 

Regards

 

JF

-- 
_____ Jean-Francois Zwobada (mailto:zwobada @ apogee-com . fr) _______
Apogee Communications - Parc Club Orsay Universite
        - 28, rue Jean Rostand 91893 ORSAY Cedex
Tel: +33 1 69.85.56.47  
Fax: +33 1 69.85.56.48
___________ This guy is powered by a Z81 running CP/M ____________