torriem at chem.byu.edu
Sat Sep 24 10:23:16 MDT 2005
On Fri, 2005-09-23 at 22:08 -0600, Mitch Anderson wrote:
> For our DNS setup... I use a mix of split-horizon and a hidden master
> DNS server. For security reasons I don't have the master name server
> visible externally (sits on its own network off the core network). As an
> example, I have a name server (we'll call it ns.domain.com). This is
> the master name server and also is a split-horizon name server, set up to
> allow all internal clients to see the "internal" view of my zones. I
> have two external DNS servers (ns1 and ns2 .domain.com), that are set up
> as slaves for my external views of my zones in our DMZ. I also have one
> other internal DNS server (in-ns3.domain.com) that is a slave for the
> internal zones. It makes management of zone data a breeze because I
> only ever have to go to one server to make any updates or changes. With
> the added security of no one externally allowed access to my master name
> server... any exploits to DNS will be overwritten in 8 - 12 hours
> depending on the TTL of the zone, regardless of me knowing about it or not.
> This setup could be easily achieved with Bind9 or djbdns.
Nice. I'll have to look into implementing such a system. Thanks for
the information. That is indeed a great way of managing it.
Michael Torrie <torriem at chem.byu.edu>
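
A BIND9 configuration for the layout described in the quoted message, added here as an example; it is not the poster's own configuration. All IP addresses, ACL names and file paths are assumptions, as is the choice to select views by the slaves' source addresses.

```conf
// ---- named.conf on the hidden master (ns.domain.com) ----
// Constructed addresses: master 10.0.1.53, in-ns3 10.0.0.53,
// ns1 192.0.2.11 and ns2 192.0.2.12 in the DMZ.
acl "dmz-slaves"    { 192.0.2.11; 192.0.2.12; };
acl "internal-nets" { 10.0.0.0/8; };

options {
    directory "/var/named";
    allow-transfer { none; };   // deny by default, opened per zone below
};

// Views are tried in order; the first match-clients hit wins.
// Only the DMZ slaves ever see the external view on this server.
view "external" {
    match-clients { "dmz-slaves"; };
    zone "domain.com" {
        type master;
        // NS records in this file list only ns1 and ns2, so the
        // master is never advertised to outside resolvers.
        file "external/domain.com.zone";
        allow-transfer { "dmz-slaves"; };
        notify explicit;        // NOTIFY only the hosts in also-notify
        also-notify { 192.0.2.11; 192.0.2.12; };
    };
};

// Internal clients and in-ns3 get the internal copy of the same zone.
view "internal" {
    match-clients { "internal-nets"; };
    zone "domain.com" {
        type master;
        file "internal/domain.com.zone";
        allow-transfer { 10.0.0.53; };
        notify explicit;
        also-notify { 10.0.0.53; };
    };
};

// ---- named.conf on ns1 and ns2 (DMZ, externally visible) ----
zone "domain.com" {
    type slave;
    masters { 10.0.1.53; };     // the hidden master
    file "slaves/domain.com.zone";
    allow-transfer { none; };   // slaves do not hand the zone onward
};
```

Running `named-checkconf` on each file catches syntax errors before a reload, and the firewall between the DMZ and the master's network should permit only port 53 from the two slaves.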