Great Circle Associates Firewalls
(June 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: split-brain DNS
From: The Root of All Evil <toshio @ kamikaze . dnp . co . jp>
Date: Fri, 21 Jun 1996 11:49:17 +0900
To: Firewalls @ GreatCircle . COM
In-reply-to: Your message of "Thu, 20 Jun 1996 16:17:21 -0400 (EDT)"
References: <199606202017 . QAA23317 @ clark . net>
Reply-to: Firewalls @ GreatCircle . COM 
Steve Bellovin <smb @
 research .
 att .
 com> writes:

steve>	 The split-brain DNS is a problem when you have a domain and
steve>	 subdomains behind the firewall. The solution we know is to declare
steve>	 the DNS server of the parent domain as a secondary server for every
steve>	 existing subdomain. This solution is not really great since we can't
steve>	 resolve Internet names from a subdomain.
steve>	 We are currently using the 4.9.3-REV and testing the 4.9.4 of BIND
steve>	 but no improvement seems to be done...

Isn't nofoward.tar.gz patch in the BIND contrib directory 
useful to solve this problem ?

ftp://ftp.vix.com/pub/bind/release/4.9.3/contrib/noforward.tar.gz

-------
 Toshio Shigematsu
 Dai Nippon Printing Co., Ltd. Information System Dept.
 E-Mail: toshio @
 dnp .
 co .
 jp
Follow-Ups:
References:
Indexed By Date Previous: Re: Pilot Network Services
From: Bill Stout <bill . stout @ hidata . com>
Next: RE: Can a virus affect NT/UNIX firewalls?
From: Russ <Russ . Cooper @ RC . Toronto . on . ca>
Indexed By Thread Previous: split-brain DNS
From: "Marcus J. Ranum" <mjr @ clark . net>
Next: Re: split-brain DNS
From: Matthew Keenan <matt @ firstpac . com . au>
Google
 
Search Internet Search www.greatcircle.com