[NTLUG:Discuss] opinions on where to run DNS server..... firewall vs main server.

[Scott Womer]

Opinion Alert:

What I found that worked best for me, when needed to resolve both internal
and external addresses for the nodes on the inside of the firewall, and
provide name resolution for the machines outside the firewall, is to run
what's call a split-level dns.  Putting a minimal dns on the firewall
itself, this one should be able to resolve only the names and addresses of
the publicly accessible machines, this dns would point to the normal root
servers.  Put another dns on a machine inside the firewall that resolves
just the private side of the network, this dns would use the firewall dns as
it's root level dns and it's forwarder.  Both your dns servers would have
the internal dns configured as it's primary resolver.

That's about as simple as I can make it sound without going into 10 pages of
detail.  If you want more detail, or just have questions... let me know.


Thanks,
Scott Womer


----- Original Message -----
From: "clyde swann" <swannc at hotmail.com>
To: <discuss at ntlug.org>
Sent: Tuesday, February 29, 2000 8:19 PM
Subject: [NTLUG:Discuss] opinions on where to run DNS server..... firewall
vs main server.


> i had started setting up dns to run on my firewall/gateway/router machine
> (486dx2/66, 32mg ram, linux v6.0), connected to adsl line with static ip.
> then i read something that suggested the dns server is expected to be run
on
> the main server (pii-450, 192mg ram, linux v6.1).  just curious as to the
> assumption, other than it being a server program.  are there any real
> pros/cons?
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
>
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss