> I have always thought that DNS servers for a domain may reside totally
> outside the domain, i.e. server.main.domain has no DNS server running
> but has the DNS servers other.server.com and another.server.com acting
> authoritatively for server.main.domain.
>
> We have a server with very sensitive information and the boss does not
> want anything other than a web port open to the world. My experience
> has always been that the server in question is at least the primary
> DNS. Is this possible or do we have to think again?
According to my O'Reilly BIND 8.x book, "primary" and "slave" DNS servers are a
misnomer. There are only "authoritative" and "non-authoritative" servers, and the
distribution and updating of zone files between authoritative servers depends on
the zone file's SOA serial number and on how the "slave {...};" and
"master {...};" directives are set up.

You don't need to set up a DNS server on your secured server. As long as people
outside your network, or outside your web server, can resolve to your web port
and connect, HTTP should handle the rest. You might need to open port 53 and
configure resolv.conf for DNS name resolution on the web server, which may be
required for some anti-spoofing software, firewall tools, etc.

Alternatively you could set up an internal DNS server on a separate machine
inside your network which can initiate a zone file transfer with the external
DNS servers hosting your domain. The internal DNS server could be the DNS server
for the rest of your network.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
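The layout the reply describes, as an added example that is not part of the original post: the external authoritative servers are BIND masters that allow zone transfers only to an internal slave, the internal slave pulls the zone from them, and the sensitive web server runs no nameserver at all and is only a DNS client. The addresses (203.0.113.10 for the web server, 198.51.100.53/54 for the external servers, 192.0.2.53 for the internal server) and the zone name example.com are assumptions chosen from documentation ranges. The functions print configuration fragments for the reader to drop into named.conf, resolv.conf and a firewall script; the last one is the check a practitioner would run against a constructed answer from `dig`.

```shell
#!/bin/sh
# Added example, not from the original SLUG post. All addresses and the zone
# name are assumptions (RFC 5737 documentation ranges).
WEB_HOST=203.0.113.10                    # sensitive server, runs no named
INTERNAL_NS=192.0.2.53                   # internal slave / resolver
EXTERNAL_NS="198.51.100.53 198.51.100.54" # external authoritative masters
ZONE=example.com

# named.conf stanza for each EXTERNAL authoritative server (BIND 8/9 syntax).
# Anyone may query the zone, but only the internal server may pull it (AXFR).
external_master_zone() {
    cat <<EOF
zone "$ZONE" {
    type master;
    file "master/$ZONE.db";
    allow-transfer { $INTERNAL_NS; };
};
EOF
}

# named.conf stanza for the INTERNAL server: a slave that fetches the zone
# from the external masters when their SOA serial increases. It serves the
# rest of the LAN; nobody is allowed to transfer the zone from it.
internal_slave_zone() {
    masters=$(for ns in $EXTERNAL_NS; do printf '%s; ' "$ns"; done)
    cat <<EOF
zone "$ZONE" {
    type slave;
    file "slave/$ZONE.db";
    masters { $masters};
    allow-transfer { none; };
};
EOF
}

# The web server is only a DNS client: its queries leave from an ephemeral
# source port towards port 53 on the internal resolver. Nothing listens on 53.
web_resolv_conf() {
    printf 'search %s\nnameserver %s\n' "$ZONE" "$INTERNAL_NS"
}

# Firewall for the web server: inbound only the web port, outbound only DNS
# queries to the internal resolver plus replies to established flows. There is
# deliberately no INPUT rule for port 53; that would only be needed if the web
# server itself ran a nameserver, which is exactly what is being avoided.
web_firewall_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT  -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p udp -d $INTERNAL_NS --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -d $INTERNAL_NS --dport 53 -j ACCEPT
EOF
}

# Delegation check: feed in the addresses the zone's NS names resolve to
# (e.g. from `dig +short A ns1.example.com` for each `dig +short NS example.com`
# result) and confirm none of them is the sensitive web server.
# usage: ns_excludes_host <web-host-addr> <ns-addr>...   returns 0 if clean
ns_excludes_host() {
    host=$1; shift
    for addr in "$@"; do
        [ "$addr" = "$host" ] && return 1
    done
    return 0
}

# Usage: print all four fragments, then check the delegation.
# for f in external_master_zone internal_slave_zone web_resolv_conf web_firewall_rules; do $f; echo; done
# ns_excludes_host "$WEB_HOST" $EXTERNAL_NS && echo "web server is not an NS: ok"
```

The important caveat is the meaning of "open port 53": a client only needs outbound queries to its resolver allowed (and the replies back), so the web server's INPUT chain stays closed apart from the web port. Changing the zone on the external masters still requires bumping the SOA serial, or the internal slave will not notice the change.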