Date:      Mon, 31 Jan 2000 16:51:28 -0800
From:      Craig Harding <crh@outpost.co.nz>
To:        freebsd-security@freebsd.org
Subject:   Re: Continual DNS requests from mysterious IP
Message-ID:  <38962E10.9951FD38@outpost.co.nz>

Brett Glass <brett@lariat.org> wrote:

> Which brings up a question I've had for a long time. When I set up a
> system as a NAT router, I would like to assign names to the internal
> machines (e.g. on 10.x.x.x) so that the POP server and other programs
> that do DNS queries are happy. (It also makes the logs more readable.)
> However, I don't want anyone OUTSIDE to be able to do forward or
> reverse DNS for those machines. Is there an easy way to do this?

I'm in exactly the same situation on our network. I originally
planned to use two copies of BIND running on the one gateway machine,
each listening on a different interface (1 internal, 1 external), but
with the version of BIND I was using (8.1 I think) I found that this
wasn't possible, contrary to the documentation.

Instead I just use a second machine as the authoritative nameserver
for all the internal machines. It knows about the local names for
everything on our 192.168.x.x net, and forwards external queries to
the real nameserver, which is visible to the outside world and has
a real IP address. This works satisfactorily, although I would prefer
a more elegant solution.

						-- C.
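
The second-machine arrangement described in the message above, sketched as a `named.conf` for the internal nameserver. This is an added example, not configuration from the original e-mail; the zone name `internal.example`, the file names, the directory, the listen address 192.168.1.2 and the forwarder address 203.0.113.53 are all placeholders chosen for illustration.

```conf
// named.conf for the INTERNAL nameserver (added example; all names and
// addresses below are placeholders, not values from the original message).

options {
    directory "/etc/namedb";            // assumed location of the zone files

    // Bind only to the private address so the daemon is not reachable
    // on any externally routed interface.
    listen-on { 192.168.1.2; };

    // Answer queries only from the private network and from localhost.
    allow-query { 192.168.0.0/16; 127.0.0.1; };

    // No zone transfers to anyone; add secondaries here explicitly if needed.
    allow-transfer { none; };

    // Hand everything this server is not authoritative for to the
    // externally visible nameserver, and never recurse to the roots directly.
    forwarders { 203.0.113.53; };       // placeholder for the public server
    forward only;
};

// Root hints; unused while "forward only" is set, kept so the server
// starts cleanly if forwarding is later relaxed.
zone "." {
    type hint;
    file "named.root";
};

// Forward zone for the private hosts. This zone is defined ONLY here;
// the public nameserver carries no records or delegation for it.
zone "internal.example" {
    type master;
    file "internal.example.db";
};

// Reverse zone for 192.168.x.x, likewise defined only on this server,
// so reverse lookups for private addresses are answered locally.
zone "168.192.in-addr.arpa" {
    type master;
    file "168.192.rev";
};
```

Internal clients list only this server in `resolv.conf`; the public nameserver's zone files should be checked for any A or PTR records that point into the private ranges.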

