Great Circle Associates Firewalls
(January 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: DNS Proxy and Internal Root Name Server
From: "David T. Smith" <dsmith @ tuckernet . com>
Date: Wed, 15 Jan 1997 17:57:17 -0500
To: zwobada @ apogee-com . fr
Cc: Firewalls @ GreatCircle . COM
In-reply-to: Your message of "Wed, 15 Jan 1997 21:07:57 +0100." <32DD391D . 5A6A @ apogee-com . fr> 
Thanks for the tip -- I'll look at the #define to keep the 
cache clean and pointint to the right servers.

DTS


-- 
//==========================================================\\
||David T. Smith               |    Specialists in          ||
||Tucker Network Technologies  |    Network Computing       ||
||50 Washington St., PO 429    |   --------------------     ||
||South Norwalk, CT 06856      | dsmith @
 tuckernet .
 com       ||
\\=========================================================//


In message <32DD391D .
 5A6A @
 apogee-com .
 fr>, Jean-Francois Zwobada writes:
>
>------------358E455512A711
>Content-Transfer-Encoding: 7bit
>Content-Type: text/plain; charset=us-ascii
>
>David T. Smith wrote:
>>
>>     We are looking at a solution similar to the one posted earlier
>where the
>> order of resolution is changed in the BIND code:  instead of
>resolution being
>> performed in the order
>>    1) authoritative,
>>    2) forwarded and
>>    3) cached,
>>  we believe that it may be useful to perform it in the order
>>    1) authoritative,
>>    2) cached, and
>>    3) forwarded
>> in the case of firewalled environments.
>>
>... D*mn, I missed your message till now...
>Sorry to be respond so late.
>
>The problem with this is that the firewall will put additionnal records
>in its
>answer, thus telling you what are the Internet root servers. If you look
>at the cache
>before the forward option, you will ask them for information instead of
>the
>firewall DNS daemon...
>Well, to be honest, I think I have seen a #define directive dealing with
>the option
>to disable the adjunction of additional infos, but I am not sure at
>all.... :o)
>
>Regards
>
>JF
>--
>_____ Jean-Francois Zwobada (mailto:zwobada @
 apogee-com .
 fr) _______
>Apogee Communications - Parc Club Orsay Universite
>        - 28, rue Jean Rostand 91893 ORSAY Cedex
>Tel: +33 1 69.85.56.47
>Fax: +33 1 69.85.56.48
>___________ This guy is powered by a Z81 running CP/M ____________
>
>

-- 
//==========================================================\\
||David T. Smith               |    Specialists in          ||
||Tucker Network Technologies  |    Network Computing       ||
||50 Washington St., PO 429    |   --------------------     ||
||South Norwalk, CT 06856      | dsmith @
 tuckernet .
 com       ||
\\=========================================================//
References:
Indexed By Date Previous: Re: wading in syslog files
From: Paul Ferguson <pferguso @ cisco . com>
Next: Re: [INFO] Firewall monitoring tools != SNMP
From: Peter Ngo <Peter_Ngo+aEPS4-Carr%EPS @ mcimail . com>
Indexed By Thread Previous: Re: DNS Proxy and Internal Root Name Server
From: Jean-Francois Zwobada <zwobada @ apogee-com . fr>
Next: Security & Hackerscene site
From: Markus H|bner <matic @ bau2 . uibk . ac . at>
Google
 
Search Internet Search www.greatcircle.com