> However, if you're concerned, it's pretty easy to set up a more secure
> infrastructure. Put a resolver (resolving name server) at the edge of
> your network (in a DMZ, presumably) that knows nothing of internal
> domains (nor IP address space). It refuses to send queries to private
> addresses, but will answer queries coming from them. Then set up an
> internal resolver that knows about your private namespace; for any
> outside domains, it forwards to the server on the edge of your
> network. Have client machines send queries to the internal resolver,
> not to the edge resolver.
That will work but I was hoping for something like:
view "internet" {
filter-rfc1918-responses yes;
...
However I'm not concerned. :)
ds
_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
