Firewalls: split-brain DNS

Firewalls
(June 1996)

Indexed By Thread: [Previous] [Next]

Subject:	split-brain DNS
From:	Steve Bellovin <smb @ research . att . com>
Date:	Tue, 18 Jun 1996 18:40:55 -0400
To:	Firewalls @ greatcircle . com
Cc:	Jean-Francois Zwobada <zwobada @ apogee-com . fr>, ches @ research . att . com

	 The split-brain DNS is a problem when you have a domain and
	 subdomains behind the firewall. The solution we know is to declare
	 the DNS server of the parent domain as a secondary server for every
	 existing subdomain. This solution is not really great since we can't
	 resolve Internet names from a subdomain.
	 We are currently using the 4.9.3-REV and testing the 4.9.4 of BIND
	 but no improvement seems to be done...

There will be a paper by Bill Cheswick and myself addressing some of
these issues, to be presented at the Usenix UNIX Security Conference 7/22-25.

		--Steve Bellovin

Indexed By Date	Previous:	Re: How do I get NT services through a router? From: Paul Ferguson <pferguso @ cisco . com>
Indexed By Date	Next:	Re: Pilot Network Services From: robw @ marineterminals . com (Robert Williams)
Indexed By Thread	Previous:	Re: split-brain DNS From: sengle @ dhtinc . com (Steven W. Engle)
Indexed By Thread	Next:	split-brain DNS From: "Marcus J. Ranum" <mjr @ clark . net>