BIND problem

Michael Torrie torriem at chem.byu.edu
Sat Sep 24 10:23:16 MDT 2005


On Fri, 2005-09-23 at 22:08 -0600, Mitch Anderson wrote:
> For our DNS setup... I use a mix of split-horizon and a hidden master 
> DNS server.  For security reasons I don't have the master name server 
> visible externally (sits on its own network off the core network).  As an 
> example, I have a name server (we'll call it ns.domain.com).  This is 
> the master name server and also is a split-horizon name server, set up to 
> allow all internal clients to see the "internal" view of my zones.  I 
> have two external DNS servers (ns1 and ns2 .domain.com), that are set up 
> as slaves for my external views of my zones in our DMZ.  I also have one 
> other internal DNS server (in-ns3.domain.com) that is a slave for the 
> internal zones.  It makes management of zone data a breeze because I 
> only ever have to go to one server to make any updates or changes.  With 
> the added security of no one externally allowed access to my master name 
> server... any exploits to DNS will be overwritten in 8 - 12 hours 
> depending on the TTL of the zone.  Regardless of me knowing about it or not.
> 
> This setup could be easily achieved with Bind9 or djbdns.

Nice.  I'll have to look into implementing such a system.  Thanks for
the information.  That is indeed a great way of managing it.


> 
> Mitch
-- 
Michael Torrie <torriem at chem.byu.edu>
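
The setup Mitch describes, sketched as a BIND 9 named.conf for the hidden master. This is an added example, not configuration posted by anyone in the thread; the addresses, ACL and key names, file paths and the hmac-sha256 TSIG keys (a current BIND 9 is assumed) are all assumptions.

```conf
// Hidden master with split-horizon views (constructed example;
// addresses, key names and paths are assumptions, not from the thread)
acl "internal-nets" { 10.0.0.0/8; };   // assumed internal client range

// Placeholder secrets: generate real ones with `tsig-keygen <name>`
key "xfer-internal" { algorithm hmac-sha256; secret "cGxhY2Vob2xkZXI="; };
key "xfer-external" { algorithm hmac-sha256; secret "cGxhY2Vob2xkZXI="; };

options {
    directory "/var/named";
    allow-transfer { none; };   // no transfers unless a zone allows them
    notify explicit;            // notify only the also-notify targets
};

view "internal" {
    // Requests signed with the external key must fall through to the
    // "external" view, so exclude that key before matching anything else
    match-clients { !key "xfer-external"; key "xfer-internal"; "internal-nets"; };
    recursion yes;
    zone "domain.com" {
        type master;
        file "internal/domain.com.zone";
        allow-transfer { key "xfer-internal"; };
        also-notify { 10.0.0.53; };               // in-ns3 (assumed address)
    };
};

view "external" {
    // Only requests signed with the external transfer key land here, so
    // the master never answers unsigned queries with external data
    match-clients { key "xfer-external"; };
    recursion no;
    zone "domain.com" {
        type master;
        file "external/domain.com.zone";
        allow-transfer { key "xfer-external"; };
        also-notify { 192.0.2.53; 192.0.2.54; };  // ns1, ns2 in the DMZ (assumed)
    };
};
```

Each slave selects its view by signing requests to the master, using a `server <master address> { keys { "xfer-external"; }; };` statement (or the internal key on in-ns3). The external zone file lists only ns1 and ns2 in its NS records, which is what keeps the master hidden.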


