10-17-2001 10:42 PM - last edited on 02-21-2020 11:13 PM by cc_security_adm
I have a PIX firewall with registered DNS. The problem is that internal users use the same DNS that the outside world uses. If I put the records on the DNS as unreal IPs for the servers, inside users would have no problem, but the outside world will start getting unreal IPs for their requests. If I put real IPs, I would have to use the alias command; it will work fine for the inside users, but the PIX will also start changing the replies to DNS requests from the outside, and the world will start getting unreal IPs. The only way I could do it is to use a hosts file on the users' machines, which is not flexible for a large number of users. Does anyone have a solution without using another DNS? Thanks.
10-18-2001 02:32 AM
Yes, use BIND 9 and its views to present different DNS views to clients depending on your defined criteria, i.e. IP address.
You could also break your DNS up into separate internal and external zones, i.e. kdcc.ku for Internet-facing records and internal.kdcc.ku for internal-facing hosts/records.
Running the SAME DNS for internal and external users is VERY dangerous, and allows externals to map and document your internal systems/setup.
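The BIND 9 views approach described in the reply above, as an added example configuration that is not part of the original thread or of any poster's setup. The zone name kdcc.ku is taken from the reply; the networks, file paths and addresses are constructed placeholders. The same server answers the same name differently depending on the client's source address, so internal clients get the private address directly (no PIX alias/DNS doctoring needed) and external clients never see internal names or the internal zone at all:

```conf
// named.conf: BIND 9 split-horizon (views) configuration, constructed example.
// Zone name kdcc.ku is from the reply above; addresses and paths are placeholders.

acl "internal-nets" {
    10.0.0.0/8;        // placeholder internal network; replace with your own
    localhost;
};

options {
    directory "/var/named";
    listen-on { any; };
    allow-transfer { none; };   // no zone transfers to arbitrary hosts
    version "not disclosed";    // don't advertise the server version
};

// Views are matched in order, so the internal view must come first.
// Internal clients see private addresses and may use this server as a recursive resolver.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;
    zone "kdcc.ku" {
        type master;
        file "internal/kdcc.ku.zone";   // e.g. www IN A 10.0.0.20 (private address)
    };
};

// Everyone else: public addresses only, no recursion, and the internal
// zone file (with its internal-only hostnames) is never loaded here.
view "external" {
    match-clients { any; };
    recursion no;
    zone "kdcc.ku" {
        type master;
        file "external/kdcc.ku.zone";   // e.g. www IN A 203.0.113.20 (public address)
    };
};
```

Once a view is defined in BIND 9, every zone must live inside a view. Validate the syntax with `named-checkconf`, then confirm the split by querying the same name with `dig @<server> www.kdcc.ku` from an internal host and from an external one and checking that only the internal answer contains the private address. The alternative in the reply, a separate internal.kdcc.ku zone that is only served to internal clients, fits the same layout: add that zone inside the internal view only.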
10-18-2001 09:33 AM
I cannot agree more with the last statement. Do not use the same DNS server for both internal and external users. It is too much of a security risk.
10-18-2001 12:05 PM
Split DNS is the way to go. It is an administrative task, but well worth the control gained, especially if you have Windows shares internally.