[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind and address rewriting



On Tue, Oct 03, 2000 at 03:37:00PM +0200, Thomas Voss wrote:
 
> Does anybody has an idea about that?

Maybe I'm missing the point here, but why do you think you need to
MASQ these packages?  When a box from your internal network do a lookup,
it checks with BIND on your boundary/firewall box. BIND checks if it
has the address in the cache, and if not, make a NEW connection out
to the web to try to resolve it.  So, from the outside, if it comes
to it, will get the connection from the 'internet' box anyways.

Also, any reason why you are using BIND when all you're doing is
cache dns? It's kinda overkill. Use something like dnscache, which
was written specifically for the task (it's smaller, uses less memory,
and is more secure).

-- 
John______________________________________________________________________
email: john@fjellstad.org                   Quis custodiet ipsos custodes
icq: thales @ 17755648

#####          I'm subscribed to this list, no need to cc:          ######

Attachment: pgpNCg6eDBKU8.pgp
Description: PGP signature


Reply to: