From owner-freebsd-security Sun Jan 30 19:37:18 2000
Message-ID: <38962E10.9951FD38@outpost.co.nz>
Date: Mon, 31 Jan 2000 16:51:28 -0800
From: Craig Harding
Organization: Outpost Digital Media Ltd
To: freebsd-security@freebsd.org
Subject: Re: Continual DNS requests from mysterious IP
Sender: owner-freebsd-security@FreeBSD.ORG

Brett Glass wrote:

> Which brings up a question I've had for a long time. When I set up a
> system as a NAT router, I would like to assign names to the internal
> machines (e.g. on 10.x.x.x) so that the POP server and other programs
> that do DNS queries are happy. (It also makes the logs more readable.)
> However, I don't want anyone OUTSIDE to be able to do forward or
> reverse DNS for those machines. Is there an easy way to do this?

I'm in exactly the same situation on our network. I originally planned
to use two copies of BIND running on the one gateway machine, each
listening on a different interface (1 internal, 1 external), but with
the version of BIND I was using (8.1 I think) I found that this wasn't
possible, contrary to the documentation.

Instead I just use a second machine as the authoritative nameserver for
all the internal machines. It knows about the local names for everything
on our 192.168.x.x net, and forwards external queries to the real
nameserver, which is visible to the outside world and has a real IP
address. This works satisfactorily, although I would prefer a more
elegant solution.

--
C.
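
The two-server arrangement described in the message above, sketched as a BIND 8 named.conf for the internal nameserver. This is an added example, not part of the original message: the zone name internal.example, the addresses 192.168.1.2 (internal server) and 192.0.2.53 (externally visible server), and the file names are assumptions.

```conf
// named.conf for the INTERNAL nameserver only (BIND 8 syntax).
// Constructed example: every name, address and path below is an assumption.

options {
    directory "/etc/namedb";

    // Listen only on the private interface, so nothing outside the
    // 192.168.x.x net can reach this server at all.
    listen-on { 192.168.1.2; };

    // Second layer: refuse queries from anything that is not inside.
    allow-query { 192.168.0.0/16; 127.0.0.1; };

    // Anything this server is not authoritative for is handed to the
    // externally visible nameserver; never walk the root servers directly.
    forwarders { 192.0.2.53; };
    forward only;
};

// Forward zone holding the local names of the inside machines.
zone "internal.example" {
    type master;
    file "internal.example.db";
    allow-transfer { none; };   // no zone transfers, even from inside
};

// Reverse zone so PTR lookups for 192.168.x.x resolve locally
// (this is what keeps POP servers and log files happy).
zone "168.192.in-addr.arpa" {
    type master;
    file "192.168.rev";
    allow-transfer { none; };
};
```

The externally visible server carries neither of these two zones, so forward and reverse lookups for the inside machines fail from outside. Inside hosts list 192.168.1.2 as their only resolver.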