Date: Mon, 19 Feb 1996 18:56:33 -0800 (PST)
From: invalid opcode <coredump@nervosa.com>
To: Ollivier Robert <roberto@keltia.freenix.fr>
Cc: Narvi <narvi@haldjas.folklore.ee>, me@gw.muc.ditec.de, hackers@freebsd.org
Subject: Re: An ISP's Wishlist...
Message-ID: <Pine.BSF.3.91.960219184854.1181D-100000@nervosa.com>
In-Reply-To: <199602192116.WAA20624@keltia.freenix.fr>

On Mon, 19 Feb 1996, Ollivier Robert wrote:

> It seems that Narvi said:
> > > I've done this, it wasn't too difficult. I'm now running three
> > > nameds on our firewall bastion, one to serve the inside network
> > > with everything on the outside hidden and a wildcard MX-record

Why not just run 2 named servers on 2 separate machines (2 total). The
bastion host would run named, and any name queries to the protected network
would be forwarded to an internal host running the second named server,
which of course, by default (firewalled), only trusts the bastion host. This
way you only run 2 named servers, and protect the secrecy of the internal
hosts. Of course, the only problem I can think of is the possibility of the
bastion named caching the lookups and outsiders being able to see internal
hostnames via the cache.

== Chris Layne =============================================================
== coredump@nervosa.com ================= http://www.nervosa.com/~coredump ==
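
The cache exposure raised in the message above, as an added example that is not part of the original e-mail: a toy Python model of the bastion/internal named pair, showing an outside client reading an internal name from the bastion's shared cache and the effect of restricting cache answers by client address. The addresses, zone name, record and class names are constructed, and the rule that only inside clients can trigger a forward is an assumption.

```python
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")      # assumed inside network
INTERNAL_ZONE = "corp.example."                         # assumed internal zone
INTERNAL_DATA = {"build1.corp.example.": "10.1.2.3"}    # constructed record


class InternalNamed:
    """Internal server: firewalled so that it answers only the bastion."""
    def __init__(self, bastion_ip):
        self.bastion_ip = bastion_ip

    def query(self, src_ip, name):
        if src_ip != self.bastion_ip:
            return None                  # any other source is refused
        return INTERNAL_DATA.get(name)


class BastionNamed:
    """Bastion server: forwards internal-zone queries and caches the answers."""
    def __init__(self, ip, internal, restrict_cache):
        self.ip, self.internal = ip, internal
        self.restrict_cache = restrict_cache   # True: cache answers go to inside clients only
        self.cache = {}

    def _inside(self, src_ip):
        return ipaddress.ip_address(src_ip) in INTERNAL_NET

    def query(self, src_ip, name):
        inside = self._inside(src_ip)
        # The cache is consulted before any forwarding decision is made.
        if name in self.cache and (inside or not self.restrict_cache):
            return self.cache[name]
        # Assumption: only inside clients may cause a forward to the internal server.
        if inside and name.endswith(INTERNAL_ZONE):
            answer = self.internal.query(self.ip, name)
            if answer is not None:
                self.cache[name] = answer
            return answer
        return None


def leak_demo(restrict_cache):
    """Return what an outside client sees before and after the cache is warmed."""
    bastion = BastionNamed("10.0.0.1", InternalNamed("10.0.0.1"), restrict_cache)
    name = "build1.corp.example."
    before = bastion.query("203.0.113.9", name)   # outsider, cold cache
    bastion.query("10.4.4.4", name)               # inside client warms the cache
    after = bastion.query("203.0.113.9", name)    # same outsider again
    return before, after
```

In BIND 9 the corresponding control is the `allow-query-cache` option.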