Mailinglist Archive: opensuse-security (195 mails)

Re: [suse-security] Re: DNS Concept for DMZ
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Sat, 25 Mar 2000 17:51:06 +0100
  • Message-id: <20000325175106.B2545@xxxxxxxxx>
* Michael Hamm wrote on Fri, Mar 24, 2000 at 16:40 +0100:
> Okay, so I try this:
> 1. The Gateway tries to resolve every name by the Internal DNS-Server.
> 2. Internal names will be found.
> 3. If nothing is found, the Internal DNS-Server will forward
> the question to a DNS-Server running on the Gateway.
> 4. The DNS-Server running on the Gateway forwards every question
> to the provider's DNS-Server.
>
> It seems to be a long way. What about the performance???

Usually your internal DNS server should cache the RRs, and keep
in mind that clients query forwarders of the ISP usually.
Alternatively you can allow your internal DNS-server to do
recursive queries by itself, but then you have to allow the whole
net to send packets to the domain port of your internal server,
so I would prefer to forward all queries to an ISP DNS server.

oki,

Steffen

--
This letter was generated by machine,
it therefore bears neither signature nor seal.
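
The forwarding chain discussed in this thread, written out as BIND named.conf fragments for the two servers. This is an added example, not part of the original mails; all addresses (10.0.0.x, 192.0.2.53) and the zone name internal.example are constructed placeholders.

```conf
// ---- named.conf on the INTERNAL DNS server (assumed address 10.0.0.2) ----
options {
    directory "/var/named";

    // Answer only the internal network and the gateway.
    allow-query { 10.0.0.0/24; 127.0.0.1; };

    // Names not found in local zones or the cache go to the gateway's DNS.
    forwarders { 10.0.0.1; };

    // Never fall back to iterating from the root servers. With this set,
    // the server talks DNS to 10.0.0.1 only, so the packet filter needs a
    // single rule pair (10.0.0.2 <-> 10.0.0.1, port 53) for this host.
    // Dropping this line (or using "forward first") makes the server
    // contact arbitrary authoritative servers itself, which is the
    // "whole net to the domain port" case the reply warns about.
    forward only;
};

// Internal names are served authoritatively from here (steps 1 and 2).
zone "internal.example" {
    type master;
    file "internal.example.zone";
};

// ---- named.conf on the GATEWAY DNS server (assumed address 10.0.0.1) ----
options {
    directory "/var/named";

    // Listen on the inside interface only, never on the external one.
    listen-on { 10.0.0.1; 127.0.0.1; };

    // Only the internal DNS server (and the gateway itself) may ask.
    allow-query { 10.0.0.2; 127.0.0.1; };

    // Every question goes to the provider's resolver (step 4).
    // 192.0.2.53 is a documentation address standing in for the ISP server.
    forwarders { 192.0.2.53; };
    forward only;
};
```

Both servers cache answers, so the extra hops are paid only on the first lookup of a name; the gateway's own resolver configuration would point at 10.0.0.2 so that it also sees internal names.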
