Re: [fw-wiz] PIX, DNS fixups and Zone Transfers

From: Luca Berra (bluca_at_comedia.it)
Date: 05/27/03

    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 27 May 2003 17:03:59 +0200
    

    On Mon, May 26, 2003 at 09:55:50PM +0200, Bruce Smith wrote:
    >Thus arises our problem. Our DNS zones have one primary and 4 secondaries,
    >three of which are on separate sites and continents. Now when they do a zone
    >transfer of our zones, the mapped IP addresses are NOT changed in the zone,
    >so looking up on those zones brings up the new IP address, not the old. That
    >IP isn't visible on the 'Net. We hacked around the problem by giving each
    >machine two names, eg dns1.domain.com and dns1r.domain.com. dns1.domain.com,
    >the address known to the world at large, maps to the old IP.
    >dns1r.domain.com is the new one. By some careful juggling of several crates
    >of eggs, this is working, for the moment. However it is a precarious
    >position to be in.
    you don't state which DNS server you are using, but BIND version 9
    supports views (you can answer using different db files depending on the
    query source), which could be just what you need.

    regards,
    L.

    -- 
    Luca Berra -- bluca@comedia.it
            Communication Media & Services S.r.l.
     /"\
     \ /     ASCII RIBBON CAMPAIGN
      X        AGAINST HTML MAIL
     / \
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
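
The views approach suggested in the reply above, as an added named.conf example that is not part of the original message. It assumes BIND 9 on the primary; the ACL names, file paths and all addresses (RFC 1918 and documentation ranges) are constructed placeholders, and only the zone name domain.com comes from the thread.

```conf
// Constructed example: every address, ACL name and file path is a placeholder.
acl "internal-nets"       { 10.0.0.0/8; localhost; };
acl "offsite-secondaries" { 192.0.2.53; 198.51.100.53; 203.0.113.53; };

options {
    directory "/var/named";
    recursion no;                  // off by default; enabled per view below
    allow-transfer { none; };      // default deny; opened per zone below
};

// Views are tried in order and the first matching match-clients wins.
// Once any view is defined, every zone must live inside a view.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;
    zone "domain.com" {
        type master;
        file "internal/domain.com.db";   // inside (unmapped) addresses
        allow-transfer { none; };        // internal data never leaves by AXFR
    };
};

view "external" {
    match-clients { any; };
    zone "domain.com" {
        type master;
        file "external/domain.com.db";   // publicly visible addresses only
        // The off-site secondaries query from outside, so they land in this
        // view and transfer a zone that already holds the public addresses.
        allow-transfer { "offsite-secondaries"; };
        notify yes;
    };
};
```

Running `named-checkconf` against the file validates the syntax before a reload; the two zone files need their serial numbers maintained independently.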
    
