BIND problem

Michael Torrie torriem at
Sat Sep 24 10:23:16 MDT 2005

On Fri, 2005-09-23 at 22:08 -0600, Mitch Anderson wrote:
> For our DNS setup... I use a mix of split-horizon and a hidden master 
> DNS server.  For security reasons I don't have the master name server 
> visible externally (sits on its own network off the core network).  As an 
> example, I have a name server (we'll call it  This is 
> the master name server and also is a split-horizon name server, set up to 
> allow all internal clients to see the "internal" view of my zones.  I 
> have two external DNS servers (ns1 and ns2, that are set up 
> as slaves for my external views of my zones in our DMZ.  I also have one 
> other internal DNS server ( that is a slave for the 
> internal zones.  It makes management of zone data a breeze because I 
> only ever have to go to one server to make any updates or changes.  With 
> the added security of no one externally allowed access to my master name 
> server... any exploits to DNS will be overwritten in 8 - 12 hours 
> depending on the TTL of the zone.  Regardless of me knowing about it or not.
> This setup could be easily achieved with Bind9 or djbdns.

Nice.  I'll have to look into implementing such a system.  Thanks for
the information.  That is indeed a great way of managing it.

> Mitch
Michael Torrie <torriem at>
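
One way the hidden master's named.conf could look for the setup described in the quoted message, using BIND 9 views. This is an added example, not either poster's actual configuration; the zone name example.com, all addresses, and the file paths are placeholders.

```conf
// named.conf on the hidden master (constructed example; every name,
// address and path below is a placeholder).
acl internal-nets  { 10.0.0.0/8; };              // internal clients
acl internal-slave { 10.0.0.53; };               // internal slave server
acl dmz-slaves     { 192.0.2.53; 192.0.2.54; };  // ns1 and ns2 in the DMZ

options {
    directory "/var/named";
    recursion no;                 // off by default, enabled per view below
    allow-transfer { none; };     // deny zone transfers unless a zone allows them
    notify explicit;              // NOTIFY only the servers in also-notify
};

// Views are matched in order by source address. The master is not
// reachable from outside, so the only clients of the external view
// are the DMZ slaves pulling zone transfers.
view "external" {
    match-clients { dmz-slaves; };
    zone "example.com" {
        type master;
        // The NS records in this file list only ns1 and ns2, which is
        // what keeps the master hidden from external resolvers.
        file "external/example.com.zone";
        allow-transfer { dmz-slaves; };
        also-notify { 192.0.2.53; 192.0.2.54; };
    };
};

view "internal" {
    match-clients { internal-nets; };
    recursion yes;                // internal clients may resolve through it
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
        allow-transfer { internal-slave; };
        also-notify { 10.0.0.53; };
    };
};
```

Each slave receives the view that its source address matches, so the DMZ slaves never see internal records. Running `named-checkconf` against the file catches syntax errors before a reload.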
