From owner-freebsd-hackers Tue Feb 20 05:39:28 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id FAA13043 for hackers-outgoing; Tue, 20 Feb 1996 05:39:28 -0800 (PST)
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id FAA13026 for ; Tue, 20 Feb 1996 05:39:15 -0800 (PST)
Received: (from narvi@localhost) by haldjas.folklore.ee (8.6.12/8.6.12) id PAA10366; Tue, 20 Feb 1996 15:34:03 +0200
Date: Tue, 20 Feb 1996 15:34:02 +0200 (EET)
From: Narvi
To: Ollivier Robert
cc: invalid opcode , me@gw.muc.ditec.de, hackers@freebsd.org
Subject: Re: An ISP's Wishlist...
In-Reply-To: <199602200657.HAA01159@keltia.freenix.fr>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
Precedence: bulk

On Tue, 20 Feb 1996, Ollivier Robert wrote:

> It seems that invalid opcode said:
> > Why not just run 2 named servers on 2 separate machines ( 2 total ). The
> > bastion host would run named, and any name queries to the protected
> > network would be forwarded to an internal host running the second named
>
> There is an easier way.
>
> Have two hosts, one runs the public DNS server. The second one is running
> the private DNS server; it has the forwarders/slave clause in the
> named.boot to resolve anything it's not primary or secondary for. The
> public DNS machine is of course a _client_ of the private DNS.
>
> Flow:
>
>    ^ server-server flow to resolve external hosts
>    |
>    |
>    |       server-server flow (forwarders)
>  public <---------------------------------- private
>         -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=>
>                client-server flow              ^
>                                                I client-server flow
>                                                I
>                                          Internal hosts
>
> That way, no risk with the public's cache leaking host names.
>
> I hope the "drawing" is clear enough.
> --
> Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.frmug.fr.net
> FreeBSD keltia.freenix.fr 2.2-CURRENT #1: Tue Feb 20 01:16:51 MET 1996
>

The problem is - you have to have *two* machines - there are
people/times/places where there is just *one* available - the one that
has to do everything (or just about everything).

	Sander.
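
The two-host layout from the quoted message, written out as BIND 4 boot files. This is an added example, not configuration posted by anyone in the thread; the zone names, zone file names and addresses (192.0.2.53 for the public host, 10.0.0.53 for the private one) are assumptions made for illustration.

```conf
; ---- private host: /etc/namedb/named.boot (10.0.0.53, assumed) ----
; Authoritative for the internal zones only. Zone names and file
; names are hypothetical.
directory   /etc/namedb
primary     corp.example.com        db.corp
primary     0.0.10.in-addr.arpa     db.10.0.0
primary     0.0.127.in-addr.arpa    db.127.0.0

; Anything this server is not primary or secondary for goes to the
; public server (the "server-server flow (forwarders)" arrow).
forwarders  192.0.2.53

; Never fall back to iterative resolution if the forwarder is down,
; so this host needs no root hints and sends no queries of its own
; to the outside. BIND 4.9.3 and later spell this
; "options forward-only"; "slave" is the older directive.
slave

; ---- public host: /etc/namedb/named.boot (192.0.2.53, assumed) ----
; Serves only the externally visible zone and resolves external names
; from the root hints. No internal zone is loaded here, and named on
; this host never queries the private server, so internal host names
; cannot end up in its cache.
directory   /etc/namedb
primary     example.com             db.example.com
cache       .                       named.root

; ---- public host: /etc/resolv.conf ----
; The public machine's own resolver is a client of the private server
; (the "client-server flow" arrow from public to private), so local
; programs on it can still look up internal names.
nameserver  10.0.0.53

; ---- internal hosts: /etc/resolv.conf ----
nameserver  10.0.0.53
```

Packet filtering between the two hosts only has to allow DNS from the private server to the public one for forwarding, and from the public host's resolver to the private server.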