[4441] in WWW Security List Archive
Re: Split DNS - Another way
daemon@ATHENA.MIT.EDU (Dave Cosio)
Fri Feb 14 17:15:08 1997
Date: Fri, 14 Feb 1997 14:10:38 -0500
From: dcosio@tanis.cptech.com (Dave Cosio)
To: matt@acmebw.com, kkessel@hteinc.com, firewalls@GreatCircle.COM,
anton@the-wire.com
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Some things to consider with Split DNS.

Who is the authority? Is it the firewall? Is it the ISP?
If it is the firewall then all records (MX, PTR and any exposed A)
should be in your db file. If it is the ISP then you will
need to tell the ISP that your OUTSIDE address of the firewall is to
be the MX for mail.

Do not set up your internal machine as the Authority. Why? You don't
want to do zone transfers to the internet about the inside of your
domain. If the inside DNS server is the authority then change it.
To find this info out, run

#whois yourdomain.com.

This will give you all the info you need about who the authorities are.
-Dave
-------------------------------------------------------------------------------
Dave Cosio Corporate Technologies Inc.
Systems Consultant Tel 508.459.2420 x20
Network Security and Systems Integrators 100 foot of John Street
http://www.cptech.com Lowell Massachusetts
"Make mine a Smutty" -Smuttynose Brewing Co slogan.
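
A check on the external db file described in the message above, as an added example that is not part of the original post: it flags inside (RFC 1918) addresses published in the Internet-facing zone and an MX whose target has no exposed A record. The zone contents, host names and function names are constructed for illustration, and the parser assumes one record per line.

```python
import ipaddress

# RFC 1918 ranges: addresses that belong only in the inside view.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of an external (Internet-facing) db file; all names
# and addresses are placeholders, not values from the original message.
EXTERNAL_ZONE = """\
example.com.         IN NS  fw.example.com.
example.com.         IN MX  10 fw.example.com.
fw.example.com.      IN A   192.0.2.1
www.example.com.     IN A   192.0.2.10
payroll.example.com. IN A   10.1.4.20
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples from simple one-line records."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        owner, rest = fields[0], fields[1:]
        # Skip the optional TTL and class fields before the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        records.append((owner.lower(), rest[0].upper(), rest[1:]))
    return records

def audit_external_zone(text):
    """List problems in a zone that will be served to the Internet."""
    records = parse_zone(text)
    a_names = {owner for owner, rtype, _ in records if rtype == "A"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "A":
            ip = ipaddress.ip_address(rdata[0])
            if any(ip in net for net in RFC1918):
                findings.append(f"internal address exposed: {owner} -> {rdata[0]}")
        if rtype == "MX" and rdata[1].lower() not in a_names:
            findings.append(f"MX target has no exposed A record: {rdata[1]}")
    if not any(rtype == "MX" for _, rtype, _ in records):
        findings.append("no MX record in external zone")
    return findings
```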