DNS Question
Nathaniel Hall
halln at otc.edu
Fri Dec 17 21:50:38 UTC 2004
Everything we do requires a single domain so I can't do that and I don't
want to update everything on the ISPs, so that won't work either.
Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln at otc.edu
417-447-7535
Rich Burroughs wrote:
> Nathaniel Hall wrote:
>
>> Maybe an example will clear it up a bit.
>>
>> Our DNS resolves domain.com. I have system1.domain.com correctly
>> resolving using the DMZ DNS.
>> The ISP DNS also resolves system1.domain.com for users outside the
>> firewalls. In addition to system1, system2.domain.com resolves on
>> the ISP DNS from the outside.
>>
>> If I am on the inside and try to resolve system2.domain.com, it
>> doesn't get resolved because it is not set up in the DMZ DNS. I want
>> to be able to resolve system2.domain.com by passing the query from
>> the DMZ DNS to the ISP DNS.
>>
>> I know it is confusing. If there are any questions, let me know.
>
>
> Hi Nathaniel,
>
> I didn't find your explanation confusing, I understand exactly what
> you mean. I don't know of a way to do exactly what you're asking for,
> though. As far as I know, you will need to update the DNS on the DMZ
> box to match both what is in the ISP's zone and also whatever internal
> entries you need.
>
> Perhaps someone who knows more about DNS than I do will have a fix for
> you, though :)
>
> Another option would be to use a different domain for the internal
> addresses, and then have the ISP resolve all the queries for the
> external domain. So if you were using foo.com for the main, external
> domain, you might grab foo.net and use that for the internal addresses.
>
>
> Rich
>
>