Date: Sat, 12 Feb 2000 12:29:17 -0600
From: Richard Martin <dmartin@origen.com>
To: "David A. Gobeille" <dgobe@mcs.net>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: DSL firewall and DNS
Message-ID: <38A5A67D.47F490D5@origen.com>
References: <38A506F9.F402F9D@mcs.net>

Setup looks OK

> 1. When I register "company.com" with a registrar, will
> I be able to use 200.1.2.50 & 51 as my name server
> addresses?

Short answer is yes, but that leaves you hanging by a thread. It might be better to have your ISP agree to run their system as a slave and leave yours as the master. Easy for both of you.

There is another issue I haven't seen addressed and that is reverse DNS. To be authoritative for a small section of a network, you must have your ISP grant you authority in that block. Sorry I have misplaced the RFC, but look up info on 'Subdomains of in-addr.arpa domains'. It's in the O'Reilly book, too.

> Configuration files for named:
> options {
>     directory "/etc/namedb";
>
>     forwarders {
>         isp's dns server;
>         ditto;

I would suggest adding these options as well

    allow-transfer (your slaves);
    fetch-glue no;
    allow-recursion (your nets, int and ext);

to keep from giving away the phone book (other zone files ok)

>
> zone "2.168.192.in-addr.arpa" {
>     type master;
>     file "company.com.rev";
> };

This needs to come out. Best to run private network DNS addresses on the other side of the firewall, or thru hosts, netbios, etc.

-- 
Richard Martin dmartin@origen.com
OriGen Biomedical Tel: +1 512 474 7278
2525 Hartford Rd. Fax: +1 512 708 8522
Austin, TX 78703 http://www.cardiacdocs.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
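
Added example, not part of the original message or of BIND: a small Python audit that checks a named.conf for the points raised in the reply above, namely a global allow-transfer and allow-recursion restriction and no RFC 1918 reverse zone on the outward-facing server. The function names and the sample configuration are constructed for illustration; only the global options block is inspected (per-zone ACLs are ignored), and fetch-glue is left out because it is a BIND 8 option.

```python
import re

# Constructed sample modelled on the configuration quoted in the thread;
# forwarder addresses and the forward zone file name are placeholders.
SAMPLE = '''
options {
    directory "/etc/namedb";
    forwarders { 192.0.2.1; 192.0.2.2; };
};
zone "company.com" { type master; file "company.com.hosts"; };
zone "2.168.192.in-addr.arpa" { type master; file "company.com.rev"; };
'''

# Reverse zones for RFC 1918 space: 10/8, 172.16/12 and 192.168/16.
PRIVATE_REV = re.compile(
    r'(^|\.)(10|168\.192|(1[6-9]|2\d|3[01])\.172)\.in-addr\.arpa\.?$', re.I)

def strip_comments(text):
    """Drop /* */, # and // comments so they cannot satisfy a check."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(#|//).*', '', text)

def block_body(text, start):
    """Return the text inside the brace block opening at or after start."""
    open_at = text.index('{', start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += (text[i] == '{') - (text[i] == '}')
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError('unbalanced braces')

def audit(conf):
    """Return a list of findings for one named.conf text."""
    conf = strip_comments(conf)
    findings = []
    m = re.search(r'\boptions\s*\{', conf)
    opts = block_body(conf, m.start()) if m else ''
    for acl in ('allow-transfer', 'allow-recursion'):
        # Without these, any host may pull the zone or use the resolver.
        if not re.search(r'(?<![\w-])' + acl + r'\s*\{', opts):
            findings.append('options: no ' + acl + ' restriction')
    for name in re.findall(r'\bzone\s+"([^"]+)"', conf):
        if PRIVATE_REV.search(name):
            findings.append('zone ' + name + ': RFC 1918 reverse zone on a public server')
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE)))
```
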