[23805] in North American Network Operators' Group
Re: address spoofing
daemon@ATHENA.MIT.EDU (Andrew Brown)
Sat Apr 24 00:35:17 1999
Date: Sat, 24 Apr 1999 00:33:50 -0400
From: Andrew Brown <twofsonet@graffiti.com>
To: Phil Howard <phil@whistler.intur.net>
Cc: nanog@merit.edu
Reply-To: Andrew Brown <atatat@atatdot.net>
In-Reply-To: <199904240225.VAA14656@whistler.intur.net>; from Phil Howard on Fri, Apr 23, 1999 at 09:25:29PM -0500
Errors-To: owner-nanog-outgoing@merit.edu
>If BIND could be modified to deliver different results depending on the
>source of the request, or its interface, then it might become easy for
>people to set up DNS to avoid this.

not running a current bind, eh? :P

the 8.x.x series bind dynamically picks up and drops interfaces as
they appear and disappear, and can be told on which interfaces to
listen. so...you can actually have a publicly available,
non-recursive name server to answer the queries for the zones for
which you need to be authoritative on the interface(s) to which those
zones are delegated.

then, you can have (if you want) another bind listening on other
interfaces for other stuff. like the "internal dns" server that you
mentioned. or maybe a recursive, caching-only server that listens
only on 127.0.0.1. of course...they can speak to each other if need
be. :)

--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
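
The split described in the message above, sketched as two named.conf files for two separate named processes. This is an added example, not part of the original message; the address 192.0.2.53, the zone example.com, and all file and directory paths are constructed placeholders.

```conf
// ---- named-public.conf (constructed example) ----
// Authoritative-only instance bound to the public interface
// to which the zones are delegated.
options {
    directory "/var/named/public";
    pid-file "/var/run/named-public.pid";

    // Answer only on the delegated address (placeholder).
    listen-on { 192.0.2.53; };

    // Never resolve on behalf of clients; serve local zone data only.
    recursion no;
};

zone "example.com" {
    type master;
    file "db.example.com";
};

// ---- named-cache.conf (constructed example) ----
// Recursive, caching-only instance reachable only from the host itself.
options {
    directory "/var/named/cache";
    pid-file "/var/run/named-cache.pid";

    // Loopback only, so the resolver is not exposed to the network.
    listen-on { 127.0.0.1; };
    allow-query { 127.0.0.1; };

    recursion yes;
};

// Root hints so the caching instance can resolve from the root down.
zone "." {
    type hint;
    file "named.root";
};
```

Each instance is started with its own configuration file. Because the two `listen-on` lists do not overlap, both can bind port 53 on the same host.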