Re: Action behind firewalls
Walt,
We too have the split DNS configuration. After I discovered for myself the
problem with using the 'forwarders' directive to resolve Internet names
through the firewall, I went through the code to find out why. I discovered
the reason and found that neither the logic nor desirable alterations to the
logic were terribly complicated.
I created a set of patches that can be applied to 4.9.3beta26 that introduce
a new named.boot keyword, 'noforward'. Queries for names in domains
specified in a noforward line will *not* be forwarded to the Internet when
not in cache.
[begin CAVEATS]
Paul Vixie is contemplating a completely different model for controlling the
forwarding behavior which seems to be more flexible and desirable, so my code
changes are likely never to become part of the standard code base.
Also, if you have many internal subdomains and contemplate using this
mechanism to allow you to take secondary service for those domains off the
forwarding server, you may be disappointed in the configurability: you would
have to list *every* subdomain, as there is no wildcarding nor does the
exclusion principle apply to subdomains of a listed domain.
[end CAVEATS]
Having said all that, if anyone is interested in the patches, feel free
to send me mail and I'll provide you with the changes.
Regards,
Todd Aven
Todd.Aven@BankersTrust.Com
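The forwarding decision the post describes, modelled in Python as an added example (this is not Todd Aven's patch and not BIND code). It assumes a hypothetical named.boot syntax of `noforward <domain>` beside the real `forwarders` line, and reads "names in a listed domain" as the query name itself or its immediate parent domain matching a listed entry, which is one reading of the caveat that subdomains of a listed domain are not excluded. The `subdomains=True` variant models the suffix matching the post says is absent, so the difference between the two shows which internal names would still reach the Internet forwarder. Cache lookup is left out; the post's rule only applies to names not in cache.

```python
"""Model of a 'noforward' rule for split DNS with forwarders.

Added illustration, not the patch from the mailing-list post and not
BIND's own logic. The 'noforward' keyword syntax is an assumption.
"""
from typing import List, Tuple

# Constructed sample named.boot fragment (hypothetical 'noforward' syntax).
SAMPLE_BOOT = """\
directory /etc/namedb
primary corp.example internal/corp.example.db  ; internal zone
forwarders 192.0.2.1 192.0.2.2
noforward corp.example
noforward lab.example
"""


def parse_boot(text: str) -> Tuple[List[str], List[str]]:
    """Return (forwarders, noforward_domains) from named.boot-style text."""
    forwarders: List[str] = []
    noforward: List[str] = []
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].strip()  # ';' starts a named.boot comment
        if not line:
            continue
        key, *args = line.split()
        if key == 'forwarders':
            forwarders.extend(args)
        elif key == 'noforward':  # assumed keyword
            noforward.extend(a.rstrip('.').lower() for a in args)
    return forwarders, noforward


def in_listed_domain(qname: str, noforward: List[str],
                     subdomains: bool = False) -> bool:
    """True if qname falls under a noforward entry.

    Exact rule (post's semantics, as read here): the name itself or its
    immediate parent domain equals a listed domain.
    subdomains=True: any name ending in '.<listed domain>' also matches,
    i.e. the wildcarding the post says the patch does not provide.
    """
    name = qname.rstrip('.').lower()
    parent = name.split('.', 1)[1] if '.' in name else ''
    for domain in noforward:
        if name == domain or parent == domain:
            return True
        if subdomains and name.endswith('.' + domain):
            return True
    return False


def should_forward(qname: str, noforward: List[str],
                   subdomains: bool = False) -> bool:
    """Decide whether an uncached query is sent to the forwarders."""
    return not in_listed_domain(qname, noforward, subdomains)


def leaked_names(qnames: List[str], noforward: List[str]) -> List[str]:
    """Names the exact rule still forwards although a suffix rule would not.

    Each such name is an internal subdomain the operator would have to
    list explicitly, as the post's caveat warns.
    """
    return [q for q in qnames
            if should_forward(q, noforward)
            and not should_forward(q, noforward, subdomains=True)]


if __name__ == '__main__':
    fwd, nofwd = parse_boot(SAMPLE_BOOT)
    queries = ['www.example.com', 'host.corp.example',
               'host.eng.corp.example', 'db.lab.example']
    for q in queries:
        print(f'{q:28} forward={should_forward(q, nofwd)}')
    print('would leak without listing:', leaked_names(queries, nofwd))
```

Running it shows `host.eng.corp.example` being forwarded under the exact rule even though `corp.example` is listed; adding a `noforward eng.corp.example` line is what the post's mechanism requires to keep that query inside.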