bind and address rewriting

To: debian-user@lists.debian.org
Subject: bind and address rewriting
From: tux092000@katja.tafeu.de (Thomas Voss)
Date: Fri, 6 Oct 2000 00:34:00 +0200
Message-id: <200010060034.a15555@su.maus.de>
In-reply-to: <20001005080231.A16512@fjellstad.org>

Hi,

 JLF> Maybe I'm missing the point here, but why do you think you need
 JLF> to MASQ these packages?  When a box from your internal network
 JLF> do a lookup, it checks with BIND on your boundary/firewall box.

and exactly that's the point: There is no bind running on my firewall box.
Bind is running on some other machine, and so it needs to connect to the
outside.

Anyway, even if bind would run on the firewall box, the problem would
remain the same, i.e. bind would send a UDP packet which has to bring up
the line (forcing a new IP for the interface), and which therefore leaves
with the wrong source address.

 JLF> Use something like dnscache,
 JLF> (it's smaller, uses less memory, and is more secure).

Thank you for your hint, I actually appreciate alternatives. But this
makes me curious: Why should it be more secure, provided that bind is
configured properly?

Greetings, Thomas

Reply to:

Follow-Ups:
- Re: bind and address rewriting
  - From: "John L . Fjellstad" <john-list@fjellstad.org>

References:
- Re: bind and address rewriting
  - From: "John L . Fjellstad" <john-list@fjellstad.org>

Prev by Date: Re: Article: Debian's Daunting Installation
Next by Date: ISP nameserver error?
Previous by thread: Re: bind and address rewriting
Next by thread: Re: bind and address rewriting
Index(es):
- Date
- Thread