[ale] DNS Questions

Cordell, Ron ron.cordell at sipstorm.com
Thu Nov 18 09:33:17 EST 2004


Hi everyone,

I'm new to the list, but not necessarily to the group :)

I have a couple of DNS questions I was hoping people could help me out
with.

The first question is network topology and where to deploy DNS servers.
Let's say I have a segmented network, with a DMZ in front of a firewall,
and then two or three separate networks behind the firewall. I need to
set up DNS so that all these servers can resolve their private,
"internal" names, but also so that the machines in the DMZ can use the
DNS. Seems like I need a DNS primary/secondary pair in the DMZ, and also
another DNS in each network segment behind the firewall. Can anyone
steer me to a good place to get a good understanding of how I should set
this sort of thing up?

The second questions is about how to secure bind. We are using Fedora
Core 3. I've been reading that bind should be in a chroot jail. This
sounds like a pretty good practice. What other suggestions do people
have for securing bind?

Thanks in advance for pointing me in the right direction.

Ron Cordell




More information about the Ale mailing list