Date: Mon, 31 Jan 2000 16:51:28 -0800
From: Craig Harding <crh@outpost.co.nz>
To: freebsd-security@freebsd.org
Subject: Re: Continual DNS requests from mysterious IP
Message-ID: <38962E10.9951FD38@outpost.co.nz>

Brett Glass <brett@lariat.org> wrote:

> Which brings up a question I've had for a long time. When I set up a
> system as a NAT router, I would like to assign names to the internal
> machines (e.g. on 10.x.x.x) so that the POP server and other programs
> that do DNS queries are happy. (It also makes the logs more readable.)
> However, I don't want anyone OUTSIDE to be able to do forward or
> reverse DNS for those machines. Is there an easy way to do this?

I'm in exactly the same situation on our network. I originally planned to use two copies of BIND running on the one gateway machine, each listening on a different interface (1 internal, 1 external), but with the version of BIND I was using (8.1 I think) I found that this wasn't possible, contrary to the documentation.

Instead I just use a second machine as the authoritative nameserver for all the internal machines. It knows about the local names for everything on our 192.168.x.x net, and forwards external queries to the real nameserver, which is visible to the outside world and has a real IP address.

This works satisfactorily, although I would prefer a more elegant solution.

--
C.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
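
The two-server arrangement described in the message above, sketched as a `named.conf` for the internal nameserver. This is an added example, not configuration from the original post; the addresses (192.168.1.2 for the internal server, 192.0.2.53 for the outside-visible one), the zone name `internal.example`, the directory and the zone file names are all assumptions.

```conf
// Constructed example: named.conf for the internal-only nameserver.
// Every address, zone name and file name here is a placeholder.

acl "internal-nets" { 127.0.0.1; 192.168.0.0/16; };

options {
    directory "/etc/namedb";

    // Answer only on the inside address, never on an outside interface.
    listen-on { 127.0.0.1; 192.168.1.2; };

    // Refuse queries and zone transfers from anything not on the inside.
    allow-query { "internal-nets"; };
    allow-transfer { none; };

    // Hand every name this server is not authoritative for to the
    // externally visible nameserver instead of resolving it directly.
    forward only;
    forwarders { 192.0.2.53; };
};

// Forward names for the inside machines.
zone "internal.example" {
    type master;
    file "internal.example.db";
};

// Reverse names for 192.168.x.x, so logs show host names.
zone "168.192.in-addr.arpa" {
    type master;
    file "192.168.rev";
};
```

Inside hosts list 192.168.1.2 as their resolver; the outside-visible server carries neither of these zones, so forward and reverse lookups for the private names fail from the outside.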