Re: [fw-wiz] DNS records for a firewall NAT pool
From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 07/29/03
- Previous message: Barney Wolff: "Re: [fw-wiz] DNS records for a firewall NAT pool"
- In reply to: Pollock, Joseph: "[fw-wiz] DNS records for a firewall NAT pool"
- Next in thread: Bojan Zdrnja: "RE: [fw-wiz] DNS records for a firewall NAT pool"
- Reply: Bojan Zdrnja: "RE: [fw-wiz] DNS records for a firewall NAT pool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Pollock, Joseph" <PollockJ@evergreen.edu> Date: Tue, 29 Jul 2003 13:37:41 -0400 (EDT)
could not the fix for this client be a hardcoded hosts file?
I've not mucked about alot with tcpd and compiling lately with the
paranoid switches, but, this might be the way to do this 'quetly", of
course resolv.conf need to point to files first on this system.
Thanks,
Ron DuFresne
On Mon, 28 Jul 2003, Pollock, Joseph wrote:
> What DNS records are appropriate for addresses in a firewall NAT pool?
>
> We have long provided dummy PTR records for the addresses to deal with
> software that does a reverse lookup. We have not configured matching A
> records, feeling it was inappropriate and likely in conflict with, for
> example, RFC 2182, since the hosts are not directly reachable.
>
> We are suddenly faced with a researcher who cannot connect to a well-known
> database. The site tells me they use TCPWrappers in a manner that requires
> matching forward and reverse lookups to pass the connection on to the
> server.
>
> We could, of course, configure a static NAT entry for the two hosts
> required; my management prefers to not do this for a variety of reasons.
>
> What are the implications of populating our DNS server with matching dummy A
> records for all of our firewall pool?
>
> Joe Pollock
> Network Services
> The Evergreen State College
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Barney Wolff: "Re: [fw-wiz] DNS records for a firewall NAT pool"
- In reply to: Pollock, Joseph: "[fw-wiz] DNS records for a firewall NAT pool"
- Next in thread: Bojan Zdrnja: "RE: [fw-wiz] DNS records for a firewall NAT pool"
- Reply: Bojan Zdrnja: "RE: [fw-wiz] DNS records for a firewall NAT pool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
