From owner-freebsd-hackers Mon Feb 19 18:57:06 1996
Date: Mon, 19 Feb 1996 18:56:33 -0800 (PST)
From: invalid opcode
To: Ollivier Robert
cc: Narvi, me@gw.muc.ditec.de, hackers@freebsd.org
Subject: Re: An ISP's Wishlist...
In-Reply-To: <199602192116.WAA20624@keltia.freenix.fr>
Message-ID:

On Mon, 19 Feb 1996, Ollivier Robert wrote:

> It seems that Narvi said:
> > > I've done this, it wasn't too difficult. I'm now running three
> > > nameds on our firewall bastion, one to serve the inside network
> > > with everything on the outside hidden and a wildcard MX-record

Why not just run 2 named servers on 2 separate machines (2 total)? The
bastion host would run named, and any name queries to the protected
network would be forwarded to an internal host running the second named
server, which of course, by default (firewalled), only trusts the bastion
host. This way you only run 2 named servers, and protect the secrecy of
the internal hosts.

Of course, the only problem I can think of is the possibility of the
bastion named caching the lookups and outsiders being able to see
internal hostnames via the cache.

== Chris Layne =============================================================
== coredump@nervosa.com ================= http://www.nervosa.com/~coredump ==
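A small model of the two-named design proposed above, and of the cache concern raised at the end of the message; this is an added example, not code from the mail or from BIND, and the zone name, addresses and records are constructed.

```python
# Added example: two resolvers, one on the bastion and one inside.
# The inside server trusts only the bastion; the bastion forwards
# internal-zone lookups for inside clients. With cache_internal=True the
# bastion caches those answers and, because a cache hit is served before
# any source check, an outsider can read internal names back out of it.
INTERNAL_ZONE = "corp.example"                 # constructed zone
BASTION_IP = "192.0.2.1"                       # constructed (RFC 5737)
INSIDE_NET = "10.0.0."                         # constructed inside prefix
INTERNAL_RECORDS = {"db.corp.example": "10.0.0.5"}   # constructed data


class InternalNamed:
    """Inside named: authoritative for the zone, answers the bastion only."""

    def query(self, name, src_ip):
        if src_ip != BASTION_IP:
            return None          # refused: firewalled to the bastion host
        return INTERNAL_RECORDS.get(name)


class BastionNamed:
    """Outside named: forwards internal-zone lookups to the inside server."""

    def __init__(self, inner, cache_internal):
        self.inner = inner
        self.cache_internal = cache_internal   # True = the leaky setting
        self.cache = {}

    def query(self, name, src_ip):
        if name in self.cache:
            return self.cache[name]             # served before any policy
        if not name.endswith("." + INTERNAL_ZONE):
            return None          # public-zone resolution elided here
        if not src_ip.startswith(INSIDE_NET):
            return None          # outsiders are never forwarded inside
        answer = self.inner.query(name, BASTION_IP)
        if answer is not None and self.cache_internal:
            self.cache[name] = answer           # the leak: answer now cached
        return answer


def leak_check(cache_internal):
    """Inside client resolves a name, then an outsider asks for the same one.
    Returns what the outsider gets: None means the design holds."""
    bastion = BastionNamed(InternalNamed(), cache_internal)
    bastion.query("db.corp.example", "10.0.0.7")      # inside client
    return bastion.query("db.corp.example", "203.0.113.9")  # outsider
```

Not caching internal-zone answers on the bastion (or checking the source before consulting the cache) closes the hole the message describes.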