Date: Tue, 20 Feb 1996 15:34:02 +0200 (EET)
From: Narvi <narvi@haldjas.folklore.ee>
To: Ollivier Robert <roberto@keltia.freenix.fr>
Cc: invalid opcode <coredump@nervosa.com>, me@gw.muc.ditec.de, hackers@freebsd.org
Subject: Re: An ISP's Wishlist...
Message-ID: <Pine.BSF.3.91.960220152745.10170D-100000@haldjas.folklore.ee>
In-Reply-To: <199602200657.HAA01159@keltia.freenix.fr>

On Tue, 20 Feb 1996, Ollivier Robert wrote:

> It seems that invalid opcode said:
> > Why not just run 2 named servers on 2 separate machines ( 2 total ). The
> > bastion host would run named, and any name queries to the protected
> > network would be forwarded to an internal host running the second named
>
> There is an easier way.
>
> Have two hosts, one runs the public DNS server. The second one is running
> the private DNS server; it has the forwarders/slave clause in the
> named.boot to resolve anything it's not primary or secondary for. The
> public DNS machine is of course a _client_ of the private DNS.
>
> Flow:
>
>    ^ server-server flow to resolve external hosts
>    |
>    |
>    |         server-server flow (forwarders)
>  public <---------------------------------- private
>         -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=>
>              client-server flow               ^
>                                               I client-server flow
>                                               I
>                                         Internal hosts
>
> That way, no risk with the public's cache leaking host names.
>
> I hope the "drawing" is clear enough.
> --
> Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.frmug.fr.net
> FreeBSD keltia.freenix.fr 2.2-CURRENT #1: Tue Feb 20 01:16:51 MET 1996
>

The problem is - you have to have *two* machines - there are
people/times/places where there is just *one* available - the one that
has to do everything (or just about everything).

Sander.
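
The two-host layout described in the quoted message, written out as BIND 4 configuration. This is an added example, not part of the original thread; the zone names (example.org, corp.example), the zone file names and the addresses (192.0.2.1 for the public server, 10.0.0.53 for the private one) are constructed placeholders.

```conf
; ===== private server (10.0.0.53): /etc/named.boot =====
; Authoritative for the internal zones only. Anything else is handed to
; the public server, so the private server never talks to the Internet.
directory   /etc/namedb
primary     corp.example            db.corp         ; internal names
primary     0.0.10.in-addr.arpa     db.10.0.0       ; internal reverse zone
primary     0.0.127.in-addr.arpa    db.127.0.0
forwarders  192.0.2.1               ; the public server
slave                               ; forward-only: never iterate from the roots

; ===== public server (192.0.2.1): /etc/named.boot =====
; Authoritative for the published zone only. It resolves external names
; for the private server's forwarded queries. It is never asked about
; corp.example as a server, so internal names never enter its cache.
directory   /etc/namedb
cache       .                       root.cache      ; root hints
primary     example.org             db.example.org  ; published hosts only

; ===== public server: /etc/resolv.conf =====
; The public machine's own resolver is a client of the private server.
; Only the local resolver library reads this file, not named.
nameserver  10.0.0.53

; ===== internal hosts: /etc/resolv.conf =====
domain      corp.example
nameserver  10.0.0.53
```

A packet filter that lets only 10.0.0.53 send queries from the inside to 192.0.2.1 port 53 keeps the forwarder path as the single DNS route out of the protected network.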