Great Circle Associates Firewalls
(October 1997)

Subject: Re: DNS on the Firewall - security problem
From: Gaddy Gumbao <succesor @ mnl . sequel . net>
Date: Fri, 31 Oct 1997 18:49:13
To: "David Harvey-George" <david @ threewiz . demon . co . uk>, <Marc . Heuse @ mail . DeuBa . COM>
Cc: <firewalls @ GreatCircle . COM>
In-reply-to: <B0000005181 @ monaco . kimble . co . uk>

Hi there folks,

    We have two DNS servers here in our network organization: one for the Internet
and the other for the internal network.
The internal DNS has NIS, and I think the Internet one has NIS too. I wanted
the internal DNS to be gone, and the clients
of that internal one would be resolving their DNS through the Internet DNS. After
that I'm planning to firewall the DNS; I mean
put the DNS inside the firewall. Would this be a great idea, or shall I
maintain the two DNS servers, and still put the Internet DNS inside
or outside the firewall? And for the internal DNS I'll just leave it out of
the firewall. Please give me ideas on this.

At 03:50 PM 10/10/97 +0100, David Harvey-George wrote:
>
>> To: Marc . Heuse @ mail . DeuBa . COM
>
>> Of course a dns is needed on the fw when you are using an application
>> gateway firewall,
>
>This is one case where you don't need a DNS server on the firewall, or
>anywhere else within your org for that matter.  Client connects to
>application proxy with request, application proxy uses DNS resolver to get
>IP address.  DNS resolver can use ISP's DNS server.  Of course if you are
>using DNS as your LAN nameserver (e.g. you are not using NIS, /etc/hosts or
>WINS), then you need the soln. you mentioned below.
>
>> | I found so far two possibilities to solve this problem ...
>
>> | The second is to just forward the dns resolving to a host in the dmz plus
>> | running also the primary external dns there.
>
>Bill Cheswick's trick described in the O'Reilly book.  The intention being
>to stop random ports having to be opened on the firewall to internal
>resolvers.  The forward requests are always made on port 53 between two
>known (trusted?) systems.  Works with BIND but perhaps not with all
>implementations of DNS.
>
>David
>

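The forwarding arrangement David describes (internal resolver hands every non-local query to a single host in the DMZ that is also the primary external server), written out as a pair of BIND configurations. This is an added example, not configuration from the original thread or from Cheswick's book; it uses BIND 9 named.conf syntax rather than the BIND 4/8 syntax of 1997, and the addresses (10.1.0.53 for the internal server, 198.51.100.53 for the DMZ server, 198.51.100.54 for a secondary) and zone names (corp.example internally, example.com externally) are hypothetical documentation-range values.

```conf
// ---------------------------------------------------------------
// Internal server, 10.1.0.53 (hypothetical address).
// Authoritative for the private zone only; everything else is
// forwarded to the DMZ host, so the firewall only ever sees
// 10.1.0.53 -> 198.51.100.53 on port 53 and the replies.
// ---------------------------------------------------------------
options {
    directory "/var/named";
    listen-on { 10.1.0.53; };
    allow-query     { 10.1.0.0/16; localhost; };   // internal clients only
    allow-recursion { 10.1.0.0/16; localhost; };
    recursion yes;
    forwarders { 198.51.100.53; };
    forward only;          // never fall back to iterating against the roots;
                           // that would need arbitrary outbound ports opened
    allow-transfer { none; };
    version "none";
};

zone "corp.example" {
    type master;
    file "corp.example.zone";   // private names never leave this server
};

// ---------------------------------------------------------------
// DMZ server, 198.51.100.53 (hypothetical address).
// Primary for the public zone; recursion only for the one internal
// forwarder, so Internet hosts cannot use it as an open resolver.
// ---------------------------------------------------------------
options {
    directory "/var/named";
    listen-on { 198.51.100.53; };
    allow-query       { any; };          // anyone may ask about example.com
    allow-recursion   { 10.1.0.53; };    // but only the internal forwarder may recurse
    allow-query-cache { 10.1.0.53; };    // cached answers likewise
    allow-transfer    { 198.51.100.54; }; // secondary only (hypothetical)
    version "none";
};

zone "example.com" {
    type master;
    file "example.com.zone";
};
```

With this split the packet filter needs only two rules for name service: internal 10.1.0.53 to DMZ 198.51.100.53, destination port 53 over UDP and TCP, plus the matching replies; and any host to 198.51.100.53 port 53 for the public zone. One caveat the 1997 trick did not have to worry about: it relied on the internal server sending from source port 53 as well, so a single 53-to-53 rule sufficed. Since the 2008 Kaminsky cache-poisoning work, BIND randomizes the source port of outgoing queries, and pinning it back to 53 with `query-source ... port 53` throws that protection away. Write the firewall rule to allow any source port from 10.1.0.53 to destination port 53 on 198.51.100.53 and leave the source port unpinned.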