On 19-OCT-1994, I wrote:
>I am a newbie to DNS administration, so I apologize in advance if this is
>not the correct forum to ask this question, and implore you to point me to the
>appropriate place for this.
>
>I am building a doubly-screened subnet as follows :
>
>                                  |
> Access                           |      Choke        Internal
>Provider           Router         |      Router           Network
>|-----|            |_____|        |      |-----|          |------|
>|     |------------|     |--------|------|     |----------|      |
>|-----|            |-----|        |      |-----|          |------|
>                                  |                         DNS
>                                  |      |-----|           Domain
>                                  |------|     |         "mynet.org"
>                                  |      |-----|
>                                  |      Bastion "xyz"
>                                 DMZ       DNS
>                               Segment    Domain
>                                      "sub.mynet.org"
< rest of message deleted >

Many thanks to all who sent in their suggestions and ideas! Here is the
help I received on the subject of using multiple DNS sources on my internal
net:

- By far, the most prevalent suggestion was to set up forwarders in the DNS
  config files on the internal nameserver, foobar.mynet.org. This is
  accomplished by adding the line

      forwarders <ip_addr_of_bastion_host>

  to named.boot on foobar. The end result of doing this is that queries
  for data not on the internal net will get resolved by the bastion host,
  which is ultimately a server for the Internet at large. There are some
  other details, for which I would recommend _carefully_ reading the
  forwarders section of the documentation for your vendor-of-choice.

- It was also suggested that in addition to the forwarders line, I add the
  line

      slave

  to foobar's named.boot after the forwarders entry. This makes the server
  only make queries to forwarders, according to the documentation.

- It was also *strongly* suggested that the bastion be the primary
  nameserver (not secondary as I had indicated) for the internal domain
  mynet.org, so that I would control what is on that server. I took the hint.

So, after I set up forwarders and slave and got the bastion set up as
primary, it works great.

Thanks to everyone who wrote,

Laurie Bostic
llb1 @ esygvl . com
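
Added example, not part of the original post: a small check that a BIND 4 named.boot on the internal server really is forward-only through the bastion, as the summary describes. The file contents, the 192.0.2.10 address and the function names are assumptions made for illustration; `options forward-only` is accepted as the later BIND 4.9 spelling of `slave`.

```python
# Added example: audit a BIND 4 named.boot for the forwarders + slave setup.
import ipaddress

# Constructed sample input; address and file names are placeholders.
SAMPLE_NAMED_BOOT = """\
; named.boot for foobar.mynet.org (constructed sample)
directory   /etc/namedb
cache       .   root.cache
forwarders  192.0.2.10      ; bastion host (placeholder address)
slave
"""

def parse_boot(text):
    """Return a list of (directive, [args]) with ';' comments stripped."""
    entries = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if fields:
            entries.append((fields[0].lower(), fields[1:]))
    return entries

def audit(text, allowed_forwarders):
    """Return findings; an empty list means forward-only to allowed hosts."""
    allowed = {ipaddress.ip_address(a) for a in allowed_forwarders}
    findings, forwarders, forward_only = [], [], False
    for directive, args in parse_boot(text):
        if directive == "forwarders":
            for arg in args:
                try:
                    forwarders.append(ipaddress.ip_address(arg))
                except ValueError:
                    findings.append(f"forwarders: {arg!r} is not an IP address")
        elif directive == "slave" or (directive == "options" and "forward-only" in args):
            forward_only = True
    if not forwarders:
        findings.append("no forwarders: server would query Internet servers itself")
    elif not forward_only:
        findings.append("forwarders without slave: falls back to direct queries")
    for addr in forwarders:
        if addr not in allowed:
            findings.append(f"forwarder {addr} is not the bastion host")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_NAMED_BOOT, ["192.0.2.10"]) or ["OK: forward-only via bastion"]:
        print(line)
```

Run against the real named.boot with the bastion's address as the only allowed forwarder; any finding means the internal server could try to resolve names without going through the bastion.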