The forward statements should point to the internal interface if the bind server is internal, otherwise, you're asking it to connect to the external IP address, and by default this is denied (you can allow it by adding a filter rule saying absorb but you'd better change bind config).

So:

- configure the FW dns as you did: "cache only"
- configure the resolver as you did: point to internal bind
- configure the internal bind to forward to the FW internal address
- make the internal server "slave" (now "forward only"). This is the easiest way.

cheers,
mouss



At 22:34 29/05/01 +0800, John P wrote:
>I am testing Gauntlet 6.0 and I am having trouble setting up Split DNS. I 
>have set Gauntlet 6.0 as a caching DNS, with its trusted interface 
>pointing to a trusted DNS Server running Bind 9 on Redhat 7.1. I have 
>tried to set forward statements in named.conf to point out (external) if 
>it can't resolve internally. I can't make it work, this isn't critical, 
>but it is frustrating, so if anyone has a sample configuration please send 
>it my way, or if you have experienced difficulty with DNS & Gauntlet 6.0 
>please let me know. Any information would be greatly appreciated. JP
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]

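The following is an added example, not part of the thread and not a Gauntlet or BIND file: it embeds a constructed `options` block for the internal BIND 9 server written the way the reply recommends (`forward only`, forwarders pointing at the firewall's internal address), a second block with the mistake the reply warns about (forwarding to the external address), and a small audit that flags both problems. The addresses are assumptions: 192.168.1.1 stands for the firewall's internal interface, 203.0.113.10 for its external one, and 192.168.0.0/16 for the internal network.

```python
"""Audit the options block of an internal BIND 9 named.conf for the two
points made in the reply: forward only, and forwarders on the INTERNAL
firewall address. Added example; addresses below are constructed."""
import ipaddress
import re

# Constructed named.conf options block for the internal BIND 9 server,
# following the reply's advice. 192.168.1.1 is an ASSUMED firewall
# internal (trusted) address.
GOOD_NAMED_CONF = """\
options {
    directory "/var/named";
    forward only;                  // never recurse directly to the Internet
    forwarders { 192.168.1.1; };   // assumed firewall INTERNAL address
    allow-query { 192.168.0.0/16; };
};
"""

# The same block with the misconfiguration the thread describes:
# forwarding to the firewall's EXTERNAL address (203.0.113.10 is an
# assumed documentation-range value), which the proxy denies by default.
BAD_NAMED_CONF = """\
options {
    directory "/var/named";
    forwarders { 203.0.113.10; };  // assumed firewall EXTERNAL address
};
"""

# Assumed internal (trusted) address space.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]


def parse_options(conf: str):
    """Return (forward_only, forwarders) from the options { ... } block.

    Deliberately minimal: it understands only the two statements the
    audit needs and ignores everything else in the file.
    """
    block = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    if block is None:
        raise ValueError("no options block found")
    body = block.group(1)
    forward_only = re.search(r"^\s*forward\s+only\s*;", body, re.M) is not None
    fwd = re.search(r"forwarders\s*\{([^}]*)\}", body)
    forwarders = []
    if fwd:
        forwarders = [a.strip() for a in fwd.group(1).split(";") if a.strip()]
    return forward_only, forwarders


def audit(conf: str, internal_nets=INTERNAL_NETS):
    """Return a list of findings; an empty list means the block follows the advice."""
    forward_only, forwarders = parse_options(conf)
    findings = []
    if not forwarders:
        findings.append("no forwarders: the internal server would have to "
                        "reach the Internet itself")
    if not forward_only:
        findings.append("'forward only' missing: if the forwarder fails, BIND "
                        "falls back to direct recursion, which the firewall denies")
    for addr in forwarders:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in internal_nets):
            findings.append(f"forwarder {addr} is not on the internal network; "
                            "point it at the firewall's internal interface")
    return findings


if __name__ == "__main__":
    for name, conf in (("good", GOOD_NAMED_CONF), ("bad", BAD_NAMED_CONF)):
        print(name, audit(conf) or "OK")
```

The `forward only;` statement is the one the reply's last step refers to. This script only checks the two points from the thread; use BIND's own `named-checkconf` to validate the full file's syntax before reloading.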