Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19
IP address for DNS server
Results 1 to 3 of 3

Thread: IP address for DNS server

  1. #1

    IP address for DNS server

    Hello,

    I am about to setup a DNS server for my corporate network. Once in place I will add web and mail servers as well. Since I will be hosting services, I need a nameserver to handle DNS requests from the Internet for my domains.

    Now here's my question.....I have a linux iptables firewall/router in place now. Do I assign my new nameserver a local private IP and have DNS requests from the Internet forwarded by my firewall to my locally addressed box, or should I just go ahead and assign a public IP to my nameserver and install iptables on it as well?

    Thanks for any advice you can offer.

  2. #2
    Administrator Moderator
    Member
    starfish's Avatar
    Join Date
    Apr 2004
    Posts
    141
    I'd put the server on the outside with iptables.

    Putting it on the local network runs the risk of someone hacking the box via a DNS exploit and then gaining unrestricted access to the rest of your network.

    Another soultion is to add another leg to the firewall and place it on that network. This would be a classic DMZ configuration, but remember that as much as possible, only allow inbound connections to the servers in the DMZ for best security. This way a hacked DMZ server won't have access to your corporate network.

    If teh DMZ DNS servers are using NAT, then you'll probably have to use BIND zones to get your DNS correct to provide private IPs for the corporate queries and public IPs for queries from teh Internet.

    The Linux Home Networking site has rought outlines on how to do this.

  3. #3
    Thanks for the advice......this was the way I was leaning to go.

Similar Threads

  1. Bad ip address
    By saswata in forum Linux - Hardware, Networking & Security
    Replies: 0
    Last Post: 08-27-2007, 05:26 AM
  2. help with address bar
    By jkerrisk in forum Windows - General Topics
    Replies: 1
    Last Post: 04-11-2006, 07:02 PM
  3. How to Achive IP address through MAC(Ethernet) address
    By krishnacins in forum Linux - Hardware, Networking & Security
    Replies: 3
    Last Post: 10-03-2005, 02:17 PM
  4. IP address??
    By in forum Windows - General Topics
    Replies: 24
    Last Post: 01-03-2004, 07:58 PM
  5. Lan address?
    By pinehead in forum Linux - General Topics
    Replies: 3
    Last Post: 07-24-2003, 06:01 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •