If your ISP supports slave zones, just have them set up a zone for your domain as a slave on their primary/secondary name servers. Put in a change with Network Solutions to point ns1 and ns2 at your ISP. Lock down zone transfers for your domain to your subnet/DNS server. You can then make zone updates locally and just replicate the zone to the ISP using AXFR etc. (put a rule in to allow your DNS to initiate TCP outbound to the ISP DNS).
Hosts files are a great way to speed things up and reduce needless name resolutions, so that is a good idea anyway.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
> Sent: Tuesday, December 04, 2001 2:41 PM
> To: Rick Brown; [EMAIL PROTECTED]
> Subject: Re: DNS in DMZ
>
>
> On 4 Dec 2001, at 10:39, Rick Brown wrote:
>
> > This is a little off topic but I thought you guys would be the
> > ones to ask. I only have a mail server and a web server (for
> > web-based email access) in my DMZ. Do I have to have a DNS server
> > in the DMZ or can I just use my ISP's DNS? I have an internal DNS
> > server(s). What are the drawbacks to using my ISP's DNS? I won't
> > need to make very many DNS changes in the future so I'm not
> > concerned with how long it takes to make a DNS update. I know the
> > other way to go would be a split-DNS setup. Any help/advice would
> > be greatly appreciated. Thanks.
>
> Who would use this DNS?
>
> 1. Local internals -- they can use the internal DNS, which probably
> lists internal private machines that you don't want publicly listed
> anyway.
>
> 2. The DMZ servers -- your web server, for instance, might need to
> find an internal back-end database server. If you're not comfortable
> letting them use the internal DNS server, give them a hosts file that
> just lists what they need.
>
> 3. Outsiders trying to find your DMZ servers -- if your ISP will host
> DNS for you, that's one less thing you need to manage locally.
>
> Seems like a no-brainer to me. Is there some scenario I've
> overlooked?
>
> DG
>
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
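The slave-zone arrangement suggested at the top of this message, sketched as a BIND 9 configuration. This is an added example, not part of the original post. The zone name example.com, the local server 192.0.2.53, the ISP servers 198.51.100.1 and 198.51.100.2, and the file paths are all constructed placeholders.

```conf
// named.conf on the locally managed primary (BIND 9 syntax).
// Constructed values: example.com, 192.0.2.53 (this server),
// 198.51.100.1 and 198.51.100.2 (the ISP's ns1 and ns2).

acl "isp-secondaries" {
    198.51.100.1;
    198.51.100.2;
};

options {
    directory "/var/named";
    listen-on { 192.0.2.53; };
    allow-transfer { none; };   // default-deny AXFR for every zone
};

zone "example.com" {
    type master;
    file "db.example.com";

    // Weak setting, shown for comparison: any host can dump the zone.
    //   allow-transfer { any; };

    // Locked down: only the ISP's name servers may pull the zone.
    allow-transfer { "isp-secondaries"; };

    // Tell only the ISP's servers when the serial number changes.
    notify explicit;
    also-notify { 198.51.100.1; 198.51.100.2; };
};

// Matching zone statement on the ISP side (their configuration,
// shown here only to illustrate the other half of the pairing):
//
// zone "example.com" {
//     type slave;
//     file "slaves/db.example.com";
//     masters { 192.0.2.53; };
// };
//
// Firewall note: NOTIFY leaves this server over UDP/53, and the
// secondaries then connect to it on TCP/53 to pull the zone (AXFR).
```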
