bind and address rewriting


 JLF> Maybe I'm missing the point here, but why do you think you need
 JLF> to MASQ these packages?  When a box from your internal network
 JLF> does a lookup, it checks with BIND on your boundary/firewall box.

and that's exactly the point: There is no bind running on my firewall box.
Bind is running on some other machine, and so it needs to connect to the

Anyway, even if bind ran on the firewall box, the problem would
remain the same, i.e. bind would send a UDP packet which has to bring up
the line (forcing a new IP for the interface), and which therefore leaves
with the wrong source address.

 JLF> Use something like dnscache,
 JLF> (it's smaller, uses less memory, and is more secure).

Thank you for your hint, I actually appreciate alternatives. But this
makes me curious: Why should it be more secure, provided that bind is
configured properly?

Greetings, Thomas
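The source-address problem described above (a dial-on-demand link that gets a fresh IP as the first DNS packet brings it up) is what netfilter's MASQUERADE target is for: unlike a static SNAT mapping, it looks up the outgoing interface's address at the moment each packet leaves, and it forgets its connection-tracking entries when the interface goes down. The script below is an added example and is not from this thread or from either participant; it assumes a Linux firewall with iptables/netfilter, and the interface name (ppp0) and internal DNS host address (192.168.1.2) used in the test are hypothetical placeholders. It prints the rules rather than applying them, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the thread): build netfilter rules that masquerade
# DNS traffic from an internal BIND host out of a dial-up interface whose
# address changes every time the line comes up.
# Assumptions: Linux with iptables; interface name and DNS host address are
# hypothetical placeholders supplied by the caller.

# gen_dns_masq_rules OUT_IFACE DNS_HOST
# Prints the rules to stdout instead of running them, so they can be reviewed
# (or piped to "sh" as root) before they touch the live firewall.
gen_dns_masq_rules() {
    iface="$1"
    dns_host="$2"

    # Refuse anything that does not look like an interface name or an IPv4
    # address, so a stray character can never end up inside a rule line.
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    case "$dns_host" in
        ''|*[!0-9.]*) echo "bad IPv4 address: $dns_host" >&2; return 1 ;;
    esac

    # MASQUERADE (rather than SNAT --to-source <fixed address>) resolves the
    # source address per packet from the interface, so the packet that brings
    # the line up still leaves with whatever address the link was just given,
    # and stale conntrack entries from the previous address are dropped when
    # the interface goes down. The rules are limited to DNS from the one host.
    cat <<EOF
iptables -t nat -A POSTROUTING -o $iface -s $dns_host -p udp --dport 53 -j MASQUERADE
iptables -t nat -A POSTROUTING -o $iface -s $dns_host -p tcp --dport 53 -j MASQUERADE
iptables -A FORWARD -o $iface -s $dns_host -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -o $iface -s $dns_host -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -i $iface -d $dns_host -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}
```

Run it as `gen_dns_masq_rules ppp0 192.168.1.2` to see the rule set; the FORWARD rules only let the DNS host's own queries and their replies cross the link, so masquerading does not silently turn the firewall into a general NAT gateway for the internal network.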

