On Thu, 29 Sep 1994 padgett @ tccslr . dnet . mmc . com wrote:
> Jim writes:
> >Question is, is there a way of setting up the server such that it
> >would tell Internet users to resolve to Interface A, while telling
> >internal users to resolve to Interface B?
>
> Of course there is, the only question is how difficult is it to do in
> the box you have (might be easier to set up two DNSes). The real question
> is "What DNSes can differentiate between internal requests and external
> ones ?".
> On the other hand, this information may not be available to the DNS
> resolution software. In this case, if you are not a programmer, it would
> be impossible.

This dual name server functionality is also available with the Janus
Firewall Server. An excerpt from the FAQ follows:

The Janus Firewall Server runs two separate DNS servers on the firewall
itself. The External DNS server provides a limited external view of
the organizational domain and initially configures itself with a
number of standard names that all point at the firewall itself (such
as mail, news, ftp, ns and www) as well as specific entries for the
domain (so that connections can be conveniently made using only the
organizational domain name) and whatever additional hostname is
specified for the firewall. The External DNS also automatically
installs NS and wildcard MX records that point to the firewall.
Additional backup MX and secondary NS records can be configured by
the administrator. No internal information is available to the
External DNS and only the External DNS can communicate with the
outside, so no internal naming information can be obtained by anyone
on the outside. The External DNS cannot query the Internal DNS or
any other DNS inside the firewall.

The Internal DNS is automatically configured with some initial
information and can have additional hosts added via the administrator
interface. Other internal domains or subdomains can be primaried,
secondaried or delegated to other internal nameservers. The ability
to prime the internal DNS by downloading host and NS delegation
information from an existing DNS is available in the next minor
release. The information managed by the Internal DNS is only
available to internal machines. The Internal nameserver cannot
receive queries from external hosts since it cannot communicate
directly with the external network. Resolution of external DNS
information both for the firewall itself and to handle internal
queries for external information are handled by the internal
nameserver. Although it is unable to communicate directly with the
external network, it is able to send queries and receive the
responses via the External DNS.

Bnti produces the Janus Firewall Server. Please feel free to contact me
for more information.

Steven Lamb
------------------------------------------------------------------------
Border Network Technologies Inc. Email: slamb @ border . com
1 Yonge Street, Suite 1400, Tel: +1 416 368 7157
Toronto, Ontario, Canada, M5E 1J9 Fax: +1 416 368 7789
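
An added example, not part of the original message or of the Janus product: a Python audit of an external-view zone against the properties the FAQ excerpt states (published names point at the firewall, no internal naming information is visible from outside). The zone records, addresses, internal name list and the audit_external_zone function are all constructed assumptions.

```python
import ipaddress

# Constructed sample data; names, addresses and record layout are assumptions.
FIREWALL_IP = ipaddress.ip_address("192.0.2.1")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
DOMAIN = "example.com."
INTERNAL_NAMES = {"payroll.example.com.", "build.example.com."}

EXTERNAL_ZONE = [  # (owner, type, rdata)
    ("example.com.", "NS", "ns.example.com."),
    ("example.com.", "A", "192.0.2.1"),
    ("*.example.com.", "MX", "10 mail.example.com."),
    ("example.com.", "MX", "20 mx.backup.example.net."),  # backup MX
    ("mail.example.com.", "A", "192.0.2.1"),
    ("ns.example.com.", "A", "192.0.2.1"),
    ("www.example.com.", "A", "192.0.2.1"),
    ("payroll.example.com.", "A", "10.1.4.20"),  # leaked internal host
    ("example.com.", "NS", "ns2.example.com."),  # in-zone target, no A record
]


def audit_external_zone(records, domain, firewall_ip, internal_net, internal_names):
    """Return (owner, type, reason) findings for an external-view zone."""
    a_owners = {o.lower() for o, t, _ in records if t == "A"}
    findings = []
    for owner, rtype, rdata in records:
        owner = owner.lower()
        if owner in internal_names:
            findings.append((owner, rtype, "internal-only name published"))
        if rtype == "A":
            addr = ipaddress.ip_address(rdata)
            if addr in internal_net:
                findings.append((owner, rtype, "internal address exposed"))
            elif addr != firewall_ip:
                findings.append((owner, rtype, "does not point at firewall"))
        elif rtype in ("NS", "MX"):
            target = rdata.split()[-1].lower()
            # Out-of-zone targets (backup MX, secondary NS) are permitted.
            if target.endswith("." + domain) and target not in a_owners:
                findings.append((owner, rtype, "in-zone target lacks A record"))
    return findings


if __name__ == "__main__":
    for f in audit_external_zone(EXTERNAL_ZONE, DOMAIN, FIREWALL_IP,
                                 INTERNAL_NET, INTERNAL_NAMES):
        print(*f, sep="\t")
```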