We have a huge intranet with internet-connectivity via an
application-level-proxy-firewall!
We also have an internal-web-cache-server and split-dns.
Now we are discussing how to configure split-dns.
Version 1: with forwarding
The internal dns-server (not identical with the firewall-computer) has
a forwarder-statement and slave-statement to the external-dns-server in
the internet.
So the client-pcs can resolve each address in the intranet and the
internet by themselves.
Version 2: without forwarding
The internal dns-server cannot resolve Internet-addresses!!
It can only be done by the proxy at the firewall-computer. So the
application at the inside-pc must work with proxy and
cannot resolve internet-addresses by itself.
Which configuration is better?
Will everything work with version 2 (no forwarding)?
It is even more complicated because we will have two
application-level-firewalls (cascaded).
The first firewall sends the traffic to the second firewall and from
there to the internet and vice versa.
Bley Hans
Bayerische Staatskanzlei
PGP-Key available via any key-server
Fingerprint: 47 07 48 39 AA 10 13 E1 F6 F5 61 77 D1 44 D0 8F
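
The two variants from the question, written out as an added example that is not part of the original post. It assumes the internal server runs BIND 9 (the post names no DNS software); the zone names, file names, client range and the forwarder address 192.0.2.53 are placeholders.

```bind
// Constructed example in BIND 9 named.conf syntax; all names and addresses
// are placeholders. Use ONE of the two "options" variants, not both.

// ---- Version 1: with forwarding ----
options {
    directory "/var/named";
    recursion yes;
    allow-query { 10.0.0.0/8; };   // intranet clients only (assumed range)
    forwarders { 192.0.2.53; };    // external DNS server (placeholder address)
    forward only;                  // called "slave" in BIND 4: never iterate
                                   // from the roots, ask only the forwarder
};
// The firewall must then pass port 53 (UDP and TCP) from this server,
// and only this server, to the forwarder.

// ---- Version 2: without forwarding ----
// options {
//     directory "/var/named";
//     recursion yes;               // still recurse, but only inside the intranet
//     allow-query { 10.0.0.0/8; };
//     // no forwarders statement, no Internet root hints
// };
// zone "." {                       // internal root replaces the Internet roots
//     type master;
//     file "db.internal-root";     // delegates intranet zones only
// };
// No DNS traffic crosses the firewall in this variant.

// ---- Common to both versions ----
zone "intranet.example" {
    type master;
    file "db.intranet.example";
};
```

With the Version 2 variant a client lookup of an Internet name gets a negative answer from the internal root, so only applications that hand the hostname to the proxy reach Internet hosts.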