Hey list! if you can spare some time read the following :) i have a domain living inside a very very unsecure university network that is administered by some morons. it is highly compromised in many layers but i can't touch it. so i have a NATing firewall and i am running my services behind that. notice here that my domain resolves to some .org having nothing to do with the network i live in. It seems logical to try to depend as little as possible on their servers with the exception of their gateway (i have to pass through :( ). To access my internal boxen i am using rdr on different gw ports to internal sshds. all my machines on their resolv.conf have my internal NS and some top-level ones. ( i thought that this would protect me from quering the unsecure parent NS ). But when i tried to connect at first i noticed that my sshd was too slow on responding for auth. This of course related to domain services not passing correctly through the fw. but i explicitly permitted outgoing domain packets for the top-level NSs. wathing the logs i noticed that sshd tried to contact the unsecure parent NS although there was no mention for it on any resolv.conf. (it has to resolve the route? didn't know that...) so the question is... If i instruct my internal NS to resolve a part of the network i live in, could i stop communicating with their piece of junk? (although i find that an ugly solution :( ) maybe i get it all wrong?? Thanks :) DsP
