Date: Sat, 12 Feb 2000 12:29:17 -0600
From: Richard Martin <dmartin@origen.com>
To: "David A. Gobeille" <dgobe@mcs.net>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: DSL firewall and DNS
Message-ID: <38A5A67D.47F490D5@origen.com>
References: <38A506F9.F402F9D@mcs.net>
Setup looks OK
> 1. When I register "company.com" with a registrar, will
> I be able to use 200.1.2.50 & 51 as my name server
> addresses?
Short answer is yes, but that leaves you hanging by a thread. It might be
better to have your ISP agree to run their system as a slave and leave yours
as the master. Easy for both of you.
There is another issue I haven't seen addressed and that is reverse DNS. To
be authoritative for a small section of a network, you must have your ISP
grant you authority in that block. Sorry I have misplaced the RFC, but look
up info on 'Subdomains of in-addr.arpa domains'. It's in the O'Reilly book,
too.
> Configuration files for named:
> options {
> directory "/etc/namedb";
>
> forwarders {
> isp's dns server;
> ditto;
I would suggest adding these options as well
allow-transfer { your slaves; };
fetch-glue no;
allow-recursion { your nets, int and ext; };
to keep from giving away the phone book
(other zone files ok)
>
> zone "2.168.192.in-addr.arpa" {
> type master;
> file "company.com.rev";
> };
This needs to come out. Best to run private network DNS addresses on the
other side of the firewall, or thru hosts, netbios, etc.
--
Richard Martin dmartin@origen.com
OriGen Biomedical Tel: +1 512 474 7278
2525 Hartford Rd. Fax: +1 512 708 8522
Austin, TX 78703 http://www.cardiacdocs.com
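Added example, not part of Richard Martin's message: a small Python check, run over constructed before/after named.conf text, that reports the three things the reply calls out (zone transfers not limited to the slaves, recursion not limited to your own nets, and an RFC 1918 reverse zone served from the outside name server). The file name company.com.hosts, the 192.0.2.x addresses and the ACL networks are assumptions, not values from the thread.

```python
import re

# Constructed samples (not from the post): the quoted layout before and after
# the suggested changes; 192.0.2.x and the ACL networks are placeholders.
BEFORE = '''
options { directory "/etc/namedb"; forwarders { 192.0.2.1; 192.0.2.2; }; };
zone "company.com" { type master; file "company.com.hosts"; };
zone "2.168.192.in-addr.arpa" { type master; file "company.com.rev"; };
'''
AFTER = '''
options {
    directory "/etc/namedb"; forwarders { 192.0.2.1; 192.0.2.2; };
    allow-transfer { 192.0.2.53; };      // the slave servers only
    fetch-glue no;
    allow-recursion { 192.168.2.0/24; 200.1.2.48/29; };
};
zone "company.com" { type master; file "company.com.hosts"; };
'''

# Reverse zones under 10/8, 172.16/12 and 192.168/16 (RFC 1918 space).
PRIVATE_REV = re.compile(
    r'^(?:\d+\.)*(?:10|168\.192|(?:1[6-9]|2\d|3[01])\.172)\.in-addr\.arpa\.?$')

def block_body(conf, start):
    """Text between the first '{' at or after start and its matching '}'."""
    i, depth = conf.index("{", start), 0
    for j in range(i, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[j], 0)
        if depth == 0:
            return conf[i + 1:j]
    raise ValueError("unbalanced braces")

def audit(conf):
    """Return findings for an Internet-facing named.conf passed as a string."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)
    m = re.search(r'\boptions\s*\{', conf)
    opts = block_body(conf, m.start()) if m else ""
    findings = []
    for opt in ("allow-transfer", "allow-recursion"):
        acl = re.search(re.escape(opt) + r'\s*\{([^}]*)\}', opts)
        if acl is None:
            findings.append(f"{opt}: not restricted in options")
        elif re.search(r'\bany\b', acl.group(1)):
            findings.append(f"{opt}: ACL contains 'any'")
    for name in re.findall(r'\bzone\s+"([^"]+)"', conf):
        if PRIVATE_REV.match(name.lower()):
            findings.append(f"zone {name}: private reverse zone on external server")
    return findings
```

audit(BEFORE) returns three findings and audit(AFTER) returns none; only the global options block is inspected, so per-zone allow-transfer statements are not considered.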
