[svlug] Bind Vulnerabilities

Marc MERLIN marc_news at valinux.com
Mon Mar 26 10:32:02 PST 2001


On Sun, Mar 25, 2001 at 10:49:57PM -0800, Todd Lyons wrote:
> Marc MERLIN wrote:
> 
> > Typically in a  split DNS setup, you  not only don't want  outside people to
> > query  your resource  records for  your intranet,  but you'll  often give  a
> > different IP for the same host:
> 
> Hmmm, if the DNS is behind the firewall, can you configure it to give
> two different sets of answers depending on if the request originates
> from internal or external IP's?  In this case, DNS is not on a DMZ and

Yes, if you give it two IP addresses, one for the inside and one for the
outside.
They can be IP aliases on the same subnet and interface card.

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
  
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key




More information about the svlug mailing list