Date:      Sun, 30 Jan 2000 20:48:38 -0800
From:      Alfred Perlstein <bright@wintelcom.net>
To:        Craig Harding <crh@outpost.co.nz>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Continual DNS requests from mysterious IP
Message-ID:  <20000130204837.M13027@fw.wintelcom.net>
In-Reply-To: <38962E10.9951FD38@outpost.co.nz>; from crh@outpost.co.nz on Mon, Jan 31, 2000 at 04:51:28PM -0800
References:  <38962E10.9951FD38@outpost.co.nz>

* Craig Harding <crh@outpost.co.nz> [000130 20:03] wrote:
> Brett Glass <brett@lariat.org> wrote:
> 
> > Which brings up a question I've had for a long time. When I set up a
> > system as a NAT router, I would like to assign names to the internal
> > machines (e.g. on 10.x.x.x) so that the POP server and other programs
> > that do DNS queries are happy. (It also makes the logs more readable.)
> > However, I don't want anyone OUTSIDE to be able to do forward or
> > reverse DNS for those machines. Is there an easy way to do this?
> 
> I'm in exactly the same situation on our network. I originally
> planned to use two copies of BIND running on the one gateway machine,
> each listening on a different interface (1 internal, 1 external), but
> with the version of BIND I was using (8.1 I think) I found that this
> wasn't possible, contrary to the documentation.
> 
> Instead I just use a second machine as the authoritative nameserver
> for all the internal machines. It knows about the local names for
> everything on our 192.168.x.x net, and forwards external queries to
> the real nameserver, which is visible to the outside world and has
> a real IP address. This works satisfactorily, although I would prefer
> a more elegant solution.

Do a search for my name and this subject and you'll see that I posted
some tips on getting recent bind 8.2.2 working on multiple interfaces.

The problem stems from the ndc named pipe it uses.

-Alfred

