Date: Tue, 20 Feb 1996 07:57:02 +0100 (MET)
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: coredump@nervosa.com (invalid opcode)
Cc: narvi@haldjas.folklore.ee, me@gw.muc.ditec.de, hackers@freebsd.org
Subject: Re: An ISP's Wishlist...
Message-ID: <199602200657.HAA01159@keltia.freenix.fr>
In-Reply-To: <Pine.BSF.3.91.960219184854.1181D-100000@nervosa.com> from invalid opcode at "Feb 19, 96 06:56:33 pm"
It seems that invalid opcode said:
> Why not just run 2 named servers on 2 separate machines ( 2 total ). The
> bastion host would run named, and any name queries to the protected
> network would be forwarded to an internal host running the second named

There is an easier way.

Have two hosts, one runs the public DNS server. The second one is running
the private DNS server; it has the forwarders/slave clause in the named.boot
to resolve anything it's not primary or secondary for.

The public DNS machine is of course a _client_ of the private DNS.

Flow:

   ^ server-server flow to resolve external hosts
   |
   |
   |       server-server flow (forwarders)
public <---------------------------------- private
       -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=>
              client-server flow              ^
                                              I client-server flow
                                              I
                                        Internal hosts

That way, no risk with the public's cache leaking host names.

I hope the "drawing" is clear enough.
--
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.frmug.fr.net
FreeBSD keltia.freenix.fr 2.2-CURRENT #1: Tue Feb 20 01:16:51 MET 1996
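A sketch of the two-host layout described in this message, added here as an example and not taken from the original e-mail: BIND 4 named.boot files for both servers plus the public host's resolv.conf. All zone names, file names, directories and addresses are constructed placeholders.

```conf
; ---- private host (10.0.0.2, constructed): /etc/namedb/named.boot ----
; Authoritative for the internal zone. Anything it is not primary or
; secondary for is handed to the public server and never resolved directly.
directory   /etc/namedb
primary     corp.example.com        db.corp.example
primary     0.0.10.in-addr.arpa     db.10.0.0
forwarders  192.0.2.1               ; the public DNS server (constructed)
slave                               ; forward only, no iterative fallback

; ---- public host (192.0.2.1, constructed): /etc/namedb/named.boot ----
; Serves only the externally visible zone and resolves external names
; for the private server. It carries no internal zone data.
directory   /etc/namedb
cache       .                       root.cache
primary     example.com             db.example.public

; ---- public host: /etc/resolv.conf ----
; The public machine's own resolver is a client of the private server,
; so lookups of internal names made on this host go to 10.0.0.2 and
; do not pass through the local public named or its cache.
nameserver  10.0.0.2
```

With this split, internal names are answered only from the private server's zone data, which is the property the message relies on when it says the public cache cannot leak host names.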