Date: Sat, 12 Feb 2000 14:48:51 -0600
From: "David A. Gobeille" <dgobe@mcs.net>
To: Richard Martin <dmartin@origen.com>
Cc: freebsd-isp@freebsd.org
Subject: Re: DSL firewall and DNS
Message-ID: <38A5C733.7D748600@mcs.net>
References: <38A506F9.F402F9D@mcs.net> <38A5A67D.47F490D5@origen.com>
Richard Martin wrote:
>
> Setup looks OK
>
> > 1. When I register "company.com" with a registrar, will
> > I be able to use 200.1.2.50 & 51 as my name server
> > addresses?
>
> Short answer is yes, but that leaves you hanging by a thread. It might be
> better to have your ISP agree to run their system as a slave and leave yours
> as the master. Easy for both of you.
>
> There is another issue I haven't seen addressed and that is reverse DNS. To
> be authoritative for a small section of a network, you must have your ISP
> grant you authority in that block. Sorry I have misplaced the RFC, but look
> up info on 'Subdomains of in-addr.arpa domains'. It's in the O'Reilly book,
> too.

RFC2317 describes in-addr.arpa delegation on non-octet boundaries.
I had that in the configuration posted. (But I have not talked with
the ISP yet to see if they would delegate that zone.)

> > Configuration files for named:
> > options {
> >         directory "/etc/namedb";
> >
> >         forwarders {
> >                 isp's dns server;
> >                 ditto;
>
> I would suggest adding these options as well
>
>         allow-transfer (your slaves);
>         fetch-glue no;
>         allow-recursion (your nets, int and ext);
>
> to keep from giving away the phone book
>
>
> (other zone files ok)
>
> > zone "2.168.192.in-addr.arpa" {
> >         type master;
> >         file "company.com.rev";
> > };
>
> This needs to come out. Best to run private network DNS addresses on the
> other side of the firewall, or thru hosts, netbios, etc.
>
> --
> Richard Martin dmartin@origen.com
>
> OriGen Biomedical Tel: +1 512 474 7278
> 2525 Hartford Rd. Fax: +1 512 708 8522
> Austin, TX 78703 http://www.cardiacdocs.com

Thanks for the info. After your reply and some others I think I will
have the ISP do all or at least secondary DNS.

--
Dave
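
The three options suggested in the quoted reply, written out in named.conf syntax as an added example (not part of the original thread). The ACL names and every address are constructed placeholders; the internal network is taken from the 2.168.192.in-addr.arpa zone quoted above, and the rest stand in for "your slaves" and "your nets, int and ext".

```conf
// Constructed example for BIND 8, the release the fetch-glue option belongs to.
// Addresses come from documentation ranges and are placeholders only.

acl xfer-hosts {
    192.0.2.53;             // the ISP's secondary name server (assumed)
};

acl our-nets {
    127.0.0.1;              // the name server itself
    192.168.2.0/24;         // internal network behind the firewall
    198.51.100.48/29;       // external DSL block (assumed size)
};

options {
    directory "/etc/namedb";

    forwarders {
        192.0.2.1;          // ISP resolver (placeholder)
        192.0.2.2;          // ISP resolver (placeholder)
    };

    // Zone transfers (AXFR) hand over every record in a zone at once.
    // BIND 8 permits them from any host unless an address list is given.
    allow-transfer { xfer-hosts; };

    // Recurse only for our own clients. Outside hosts still receive
    // authoritative answers for the zones this server is master for.
    allow-recursion { our-nets; };

    // Do not go out and fetch missing glue records to fill the additional
    // section of a response. BIND 9 lists this option as obsolete.
    fetch-glue no;
};
```

An allow-transfer statement placed inside an individual zone block overrides the one in options for that zone.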