Date:      Sat, 12 Feb 2000 12:29:17 -0600
From:      Richard Martin <dmartin@origen.com>
To:        "David A. Gobeille" <dgobe@mcs.net>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: DSL firewall and DNS
Message-ID:  <38A5A67D.47F490D5@origen.com>
References:  <38A506F9.F402F9D@mcs.net>


Setup looks OK
 
>         1. When I register "company.com" with a registrar, will
>            I be able to use 200.1.2.50 & 51 as my name server
>            addresses? 

Short answer is yes, but that leaves you hanging by a thread.  It might be
better to have your ISP agree to run their system as a slave and leave yours
as the master.  Easy for both of you. 

There is another issue I haven't seen addressed and that is reverse DNS.  To
be authoritative for a small section of a network, you must have your ISP
grant you authority in that block.  Sorry I have misplaced the RFC, but look
up info on 'Subdomains of in-addr.arpa domains'.  It's in the O'Reilly book,
too.



> Configuration files for named: 
> options {
>         directory "/etc/namedb";
> 
>         forwarders {
>                 isp's dns server;
>                 ditto;

I would suggest adding these options as well

	allow-transfer { your slaves; };
	fetch-glue no;
	allow-recursion { your nets, int and ext; };

to keep from giving away the phone book
 

(other zone files ok)

> 
> zone "2.168.192.in-addr.arpa" {
>         type master;
>         file "company.com.rev";
> };

This needs to come out.  Best to run private network DNS addresses on the
other side of the firewall, or through hosts, netbios, etc.


-- 
Richard Martin       dmartin@origen.com

OriGen Biomedical    Tel: +1 512 474 7278
2525 Hartford Rd.    Fax: +1 512 708 8522
Austin, TX 78703     http://www.cardiacdocs.com
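
Added example, not part of the original message: a small Python check that flags the three points raised above in a named.conf (no allow-transfer, no allow-recursion, and a private reverse zone served on the firewall host). It is a regex scan rather than a full named.conf parser; the function names, the addresses 192.0.2.53 and 198.51.100.53, and the file name company.com.db are constructed placeholders.

```python
import re

# Reverse-zone names that fall inside RFC 1918 space (10/8, 172.16/12, 192.168/16).
PRIVATE_REVERSE = re.compile(
    r"^(?:\d+\.)*(?:10|168\.192|(?:1[6-9]|2\d|3[01])\.172)\.in-addr\.arpa\.?$", re.I)

def strip_comments(conf):
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(?://|#)[^\n]*", "", conf)

def options_body(conf):
    # Text between the braces of the options block, found by a brace-depth scan.
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def audit(conf):
    conf = strip_comments(conf)
    opts, findings = options_body(conf), []
    for acl in ("allow-transfer", "allow-recursion"):
        m = re.search(acl + r"\s*\{([^}]*)\}", opts)
        if not m:
            findings.append(f"options: {acl} not set")
        elif re.search(r"\bany\b", m.group(1)):
            findings.append(f"options: {acl} permits any")
    for zone in re.findall(r'\bzone\s+"([^"]+)"', conf):
        if PRIVATE_REVERSE.match(zone):
            findings.append(f"zone {zone}: private reverse zone on this server")
    return findings
# Constructed sample: the posted layout before the suggested changes.
WEAK = '''options { directory "/etc/namedb"; forwarders { 192.0.2.53; }; };
zone "company.com" { type master; file "company.com.db"; };
zone "2.168.192.in-addr.arpa" { type master; file "company.com.rev"; };
'''
# Constructed sample: ACLs added (placeholder addresses), private reverse zone removed.
HARDENED = '''options {
    directory "/etc/namedb"; forwarders { 192.0.2.53; };
    allow-transfer { 198.51.100.53; };
    allow-recursion { 127.0.0.1; 192.168.2.0/24; };
};
zone "company.com" { type master; file "company.com.db"; };
'''
if __name__ == "__main__":
    print("weak:", audit(WEAK), "hardened:", audit(HARDENED))
```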

