Firewalls: Re: Split DNS .. A White Paper

Firewalls
(March 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Split DNS .. A White Paper
From:	"Simon J. Gerraty" <sjg @ zen . void . oz . au>
Date:	Fri, 31 Mar 1995 09:09:52 +1000
To:	Brent @ greatcircle . com (Brent Chapman)
Cc:	firewalls @ greatcircle . com
In-reply-to:	Your message of "Wed, 29 Mar 95 09:04:53 PST." <v02110134ab9f3e62723b @ [198 . 102 . 244 . 39]>

> If, on the other hand, your internal DNS is screwed up and beyond your
> control (managed by another group or something), you can use split DNS to
> provide "good" data to the world and just ignore the internal mess.  This
> is basicly just sweeping the problem under the rug; it would be better to
> really fix the problem, but sometimes the real world doesn't cooperate.

This is not to say that a screwed up internal DNS is a requirement :-)
Some folk just have _very_ large internal networks that use rfc1597 or
heaven forbid, stolen network numbers, or have many machines runing
old versions of named - which choke when root servers are unavailable.
For these and many other valid reasons, keeping the inside separate
from the outside is a good idea.  

--sjg

References:

Re: Split DNS .. A White Paper
From: Brent @ GreatCircle . COM (Brent Chapman)

Indexed By Date	Previous:	Re: Firewall performance. From: Quentin Fennessy <Quentin . Fennessy @ SEMATECH . Org>
Indexed By Date	Next:	Re: Feeping Creaturism in routers (was Re: Response to Satan) From: Jeff Smith <sumisu @ mingus . slab . ntt . jp>
Indexed By Thread	Previous:	Re: Split DNS .. A White Paper From: Brent @ GreatCircle . COM (Brent Chapman)
Indexed By Thread	Next:	Re: Split DNS .. A White Paper From: woycke @ mitre . org (Daniel W. Woycke)