Firewalls: Re: Split DNS

Firewalls
(February 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Split DNS - Another way
From:	dcosio @ tanis . cptech . com (Dave Cosio)
Date:	Fri, 14 Feb 1997 14:10:38 -0500
To:	matt @ acmebw . com, kkessel @ hteinc . com, firewalls @ GreatCircle . COM, anton @ the-wire . com
Cc:	www-security @ ns2 . rutgers . edu

Some things to concider with Split DNS.

Who is the authority? Is it the firewall? is it the ISP?
IF it is the firewall then all records (MX, PTR and any exposed A)
records should be in your db file. If it is the ISP then you will
need to tell the ISP that your OUTSIDE address of the firewall is to
be the MX for mail.

Do not set up your internal machine as the Authority. Why ? You don't
want to do zone transfers to the internet about the inside of your
domain. If the inside DNS server is the authority then change it 

to find this info out run 

#whois yourdomain.com.
This will give you all the info you need about who is the authorities.


-Dave 

-------------------------------------------------------------------------------

Dave Cosio					Corporate Technologies Inc.
Systems Consultant				Tel 508.459.2420 x20
Network Security and Systems Integrators        100 foot of John Street
http://www.cptech.com				Lowell Massachusetts

"Make mine a Smutty"  -Smuttynose Brewing Co slogan.

Indexed By Date	Previous:	Re: Disturbing e-mail From: Andy Howard <achowar @ erenj . com>
Indexed By Date	Next:	Re: please help From: Pavel Galynin <pgalynin @ chipnet . cz>
Indexed By Thread	Previous:	Re: Split DNS - Another way From: robp @ anubis . network . com (Rob Peglar)
Indexed By Thread	Next:	Re: Split DNS - Another way From: Matt Larson <matt @ acmebw . com>