Jonathan Feally wrote:
> Has anyone come across a daemon that will translate dns query
> responses from inside IPs to outside IPs, when the query is through
> the firewall? The CISCO PIX I have at work does this with the alias
> command - but - I'm not at work where I'd like to do that.

See the BIND-9 administrator's guide at
http://www.nominum.com/content/documents/bind9arm.pdf

Specifically:

"4.3. Split DNS

Setting up different views, or visibility, of DNS space to internal and external
resolvers is usually referred to as a Split DNS setup. There are several reasons
an organization would want to set up its DNS this way.  One common reason for
setting up a DNS system this way is to hide "internal" DNS information from
"external" clients on the Internet. There is some debate as to whether or not
this is actually useful.

Internal DNS information leaks out in many ways (via email headers, for example)
and most savvy "attackers" can find the information they need using other
means. Another common reason for setting up a Split DNS system is to allow
internal networks that are behind filters or in RFC 1918 space (reserved IP
space, as documented in RFC 1918) to resolve DNS on the Internet. Split DNS can
also be used to allow mail from outside back in to the internal network."

-Chuck


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
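
An added illustration, not part of the original message or of the quoted BIND guide: a minimal BIND 9 named.conf sketch of the split-DNS views described above, where inside clients are answered with the RFC 1918 address and everyone else with the public one. The zone name, ACL name, addresses and file paths are assumptions chosen for the example.

```conf
// Added example: split DNS with BIND 9 views (all names and addresses are assumed).
// Clients are matched against views in order; the first matching view answers.

acl "inside" {
    127.0.0.1;
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;          // RFC 1918 space behind the firewall
};

options {
    directory "/etc/namedb"; // assumed path
};

view "internal" {
    match-clients { "inside"; };
    recursion yes;           // inside hosts may resolve Internet names through us
    zone "example.com" {
        type master;
        // this file holds e.g.:  www  IN  A  192.168.1.10   (inside address)
        file "internal/example.com.db";
        allow-transfer { none; };
    };
};

view "external" {
    match-clients { any; };  // everyone who did not match "inside"
    recursion no;            // do not act as an open resolver for the Internet
    zone "example.com" {
        type master;
        // this file holds e.g.:  www  IN  A  192.0.2.10     (outside address)
        file "external/example.com.db";
        allow-transfer { none; };
    };
};
```

Once any view is defined, every zone statement has to live inside a view, and the external zone file should carry only the records meant to be published.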
