Thanks for the info,
I am going to be setting up a firewall for a small company,
what I am doing is a test set up using my cable access,
I have set a dns server internally that is primary for the internal
domain and forwards any unknowns to the cable suppliers dns.
The small business's dns is external.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 20, 2001 7:10 AM
> To: Rick Lim
> Cc: firewalls@Lists. GNAC. NET
> Subject: Re: domain name inside and outside
>
>
>
> Rick,
>
> #Is it possible to have your internal firewall
> #network as theinternalname.domain and have the
> #external domain the real name as in rogerscable.net?
>
> You could do this but there really isn't any reason that I can think
> of. It won't give you any more security and it will be a pain to maintain
> and troubleshoot. Generally, I set up an internal DNS server that is
> primary for my domain and an external DNS server that is primary for my
> domain. The internal DNS server has all of the information for my domain
> and is used by my internal users. The external DNS server only has the
> domain information that the Internet needs and is used by the Internet.
> The external DNS server is the DNS server advertized as my primary on the
> Internet. This is called split-dns and is a common setup. Generally you
> would place your internal DNS server on the internal network and your
> external DNS server on a dmz. You could also have your ISP host your
> external DNS server.
>
> If you just have a cable modem and all you want to do is play around
> with DNS on your home network then you can just set up a fake DNS server
> with a non-advertized domain that your home computers point to for DNS
> resolution. The fake DNS server would still be able to answer queries for
> from the Internet and no one would query it. You would still be able to
> have an entry in your cable companies DNS server for the web server you
> want the Internet to get to.
>
> Regards,
> Jeffery Gieser
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
