Re: [suse-security] Two minded DNS-Server

25 Oct 2002

      This is also known (more properly as split-brained)

It allows you to answer differently for resolution depending on the
'source' interface.

you can map a.example.com -> 10.0.0.1 for queries generated on the
'internal' interface and a.example.com -> 66.233.300.1 (Yes I know that
is not a valid ip :) ) for queries on an external interface.

You do run two named processes, which can make using ndc pretty tricky
(if possible at all) and they bind to whichever interfaces you wish.

Bind 9 is much more flexible in how you handle 'views' in that you can
set something akin to 'acls'

On Fri, Oct 25, 2002 at 09:56:47AM +0300, Togan Muftuoglu wrote:
...
* Ingo Doerrie;  on 25 Oct, 2002 wrote:
...
Hello!
What is a "Two Minded DNS-Server"?
Who can explain this to me and send a sample config for Bind8-DNS Server 
on SuSE 8.0?
My understanding
The "Two minded" feature means that there will be (2) named processes 
running
on your machine. One daemon will run and answer DNS queries for the external
interface while the other daemon will answer on the internal interface for 
the
private network. This setup helps protect your internal network IP addresses
and names from being exposed to people out on the Internet.
Look for Bind9 Howto
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
-- 
Jeff Graham  
GnuPG 1.0.6 Public key #9373D50B (0x9373D50B) certserver.pgp.com
Key fingerprint = 13FA F174 5F18 F3A8 1EFE  6930 B5FE 45BA 9373 D50B