  1. #1
    Just Joined!
    Join Date
    Jun 2005
    Posts
    7

    DNS IP address


    I am about to set up a BIND name server on my network. Should I give this box a public IP address and use iptables to stop all but DNS traffic to this box, or should I place this server behind my existing firewall and give it a private IP and set up forwarding rules to this box?

    Thanks in advance for any advice...

  2. #2
    Super Moderator Roxoff
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,878
    Personally, I'd keep it behind my firewall and only let it farm out local IP addresses to the LAN, and not handle requests from the internet. I'd choose that option because it's less of a security vulnerability, and I'd leave my static IP pointed merrily at my firewall. This may sound like a 'would-be' situation, but in reality, it's exactly how my LAN is configured.
    Linux user #126863 - see http://linuxcounter.net/

  3. #3
    Just Joined!
    Join Date
    Jun 2005
    Posts
    7
    I need this name server to handle requests from the Internet though, for web and mail services.

  4. #4
    Super Moderator Roxoff
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,878
    Well, I found that you don't need to worry about that if whoever is hosting your domain records has everything set up correctly - i.e. your MX record points at your static IP and your domain with no www prefix (e.g. "domain.com", not "www.domain.com") points at your static IP too. You can use virtual hosting under Apache to have different websites, and your mail gets delivered right.

    If you have to run your DNS server live on the internet, then do so, but it's open to abuse so be aware of the risks - and domain lookups from outside will sap your bandwidth.
    Linux user #126863 - see http://linuxcounter.net/
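
The two placements asked about in the first post, written out as iptables-restore rulesets for comparison. This is an added example, not posted by anyone in the thread; every address and interface name in it is constructed (192.0.2.10 public IP, 10.0.0.53 private DNS host, 198.51.100.7 management host, eth0 Internet side, eth1 LAN side).

```conf
# --- Option 1: the DNS host holds the public IP and filters on itself ---
# Load on the DNS host. Default-deny inbound, DNS only.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to the server's own outbound queries.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS needs UDP and TCP: TCP carries zone transfers and truncated replies.
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
# Administrative SSH from one management address only (constructed).
-A INPUT -s 198.51.100.7 -p tcp --dport 22 -j ACCEPT
COMMIT

# --- Option 2: the DNS host sits behind the existing firewall ---
# Fragment to merge into the firewall's ruleset. The firewall owns
# 192.0.2.10 and forwards only port 53 to the private host.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -d 192.0.2.10 -p udp --dport 53 -j DNAT --to-destination 10.0.0.53
-A PREROUTING -i eth0 -d 192.0.2.10 -p tcp --dport 53 -j DNAT --to-destination 10.0.0.53
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# After DNAT the destination is the private address, so match on that.
-A FORWARD -i eth0 -o eth1 -d 10.0.0.53 -p udp --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d 10.0.0.53 -p tcp --dport 53 -j ACCEPT
# The DNS host's own queries to other name servers.
-A FORWARD -i eth1 -o eth0 -s 10.0.0.53 -p udp --dport 53 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 10.0.0.53 -p tcp --dport 53 -j ACCEPT
COMMIT
```

Either ruleset exposes the same port 53 to the Internet; neither limits what BIND answers once a packet arrives. On a server reachable this way, recursion is normally restricted in named.conf (`recursion no;` or an `allow-recursion` ACL) so that it answers outside clients only for its own zones.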
