Jonathan Feally wrote:
> Has anyone come across a daemon that will translate dns query
> responses from inside ip's to outside ip's, when the query is through
> the firewall? The CISCO PIX I have at work does this with the alias
> command - but - I'm not at work where I'd like to do that.

See the BIND-9 administrator's guide at http://www.nominum.com/content/documents/bind9arm.pdf

Specifically:

"4.3. Split DNS

Setting up different views, or visibility, of DNS space to internal and external resolvers is usually referred to as a Split DNS setup. There are several reasons an organization would want to set up its DNS this way.

One common reason for setting up a DNS system this way is to hide "internal" DNS information from "external" clients on the Internet. There is some debate as to whether or not this is actually useful. Internal DNS information leaks out in many ways (via email headers, for example) and most savvy "attackers" can find the information they need using other means.

Another common reason for setting up a Split DNS system is to allow internal networks that are behind filters or in RFC 1918 space (reserved IP space, as documented in RFC 1918) to resolve DNS on the Internet. Split DNS can also be used to allow mail from outside back in to the internal network."

-Chuck
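
Added example, not part of the original message or the BIND guide: a minimal BIND 9 `named.conf` using views so the same name resolves to an inside address for inside clients and an outside address for everyone else. The zone name, address ranges, directory and file names are constructed placeholders.

```conf
// Constructed example. example.com, 192.168.1.0/24, 203.0.113.10 and
// the paths below are assumptions, not values from the thread.
acl "inside" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/etc/namedb";     // assumed location of the zone files
};

// Views are tried in the order listed; the first one whose
// match-clients list fits the query source answers the query.
// Once any view is defined, every zone must live inside a view.
view "internal" {
    match-clients { "inside"; };
    recursion yes;               // inside hosts may resolve Internet names
    zone "example.com" {
        type master;
        // This file holds the inside address, e.g.
        //   www  IN  A  192.168.1.10
        file "internal/example.com.db";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                // outsiders get authoritative answers only
    zone "example.com" {
        type master;
        // This file holds the outside (translated) address, e.g.
        //   www  IN  A  203.0.113.10
        file "external/example.com.db";
    };
};
```

Run `named-checkconf` on the file before reloading; keeping recursion off in the external view also prevents the server from acting as an open resolver.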