In article <mailman.1637.1383850377.20661.bind-us...@lists.isc.org>, Jonathan Reed <cronst...@gmail.com> wrote:
> I'd like my global BIND server to slave a copy of my zone from the master
> being hosted on my LAN. It appears that this is called a stealth setup. I
> figured I'd achieve this by having the secondary on the internet slave a
> view, but I've read that this is not ideal from a security standpoint. The
> argument being that the zone file contains an IP address of its master. So
> what's the best way to do this?

You don't have to put the hidden master in the public zone file.

>
> A stealth scenario also seems susceptible to a higher chance where the
> connection is lost between master and slave (complicated by a LAN
> firewall/ISP in between) and the expire exceeding. We're hosting our global

Expire time should be at least a week. If your firewall blocks connections for that long, you have bigger problems than this.

> DNS through a provider, so there doesn't seem like an easy way to monitor
> and confirm a zone transfer from our master alone. Any recommendations?

-- 
Barry Margolin
Arlington, MA
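
The two points made in the reply above (the hidden master does not have to appear in the public zone file, and expire should be at least a week) can be checked before a zone is published. The Python check below is an added example, not part of the original post; the function names, host names and addresses are constructed, and it assumes simple zone-file syntax.

```python
import re

WEEK = 7 * 24 * 3600
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert a zone-file time value ('604800', '1w', '2d12h') to seconds."""
    value = value.lower()
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([smhdw])", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"unrecognised time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def audit_public_zone(zone_text, hidden_master_ids):
    """Return findings for the zone file that the public slaves will serve.
    hidden_master_ids: caller-supplied IPs and host names of the hidden master."""
    # Simplification (assumption): every ';' starts a comment, so a ';'
    # inside a quoted TXT string would be cut short.
    body = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    findings = []
    # SOA rdata order: mname rname serial refresh retry expire minimum
    soa = re.search(
        r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)", body, re.I)
    if soa is None:
        findings.append("no SOA record found")
    elif (expire := to_seconds(soa.group(4))) < WEEK:
        findings.append(f"SOA expire is {expire}s, below one week ({WEEK}s)")
    # A token equal to a master identifier exposes it (A rdata, NS target, MNAME).
    wanted = {i.lower().rstrip(".") for i in hidden_master_ids}
    for lineno, line in enumerate(body.splitlines(), 1):
        for token in line.split():
            if token.lower().rstrip(".") in wanted:
                findings.append(f"line {lineno}: hidden master {token} is in the public zone")
    return findings

# Constructed sample zone: expire is one day and the hidden master is listed.
LEAKY_ZONE = """\
$TTL 1h
@   IN SOA ns1.example.net. hostmaster.example.com. (
        2013110701 ; serial
        1h         ; refresh
        15m        ; retry
        1d         ; expire
        1h )       ; minimum
    IN NS  ns1.example.net.
    IN NS  master.lan.example.com.
master.lan IN A 192.0.2.10
"""
```

Calling `audit_public_zone(LEAKY_ZONE, ["192.0.2.10", "master.lan.example.com"])` returns one finding for the short expire and one for each line that names the master; an empty list means the zone passed both checks.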