  1. #1

    Linux DNS in DMZ Zone

    Hi Linux Gurus,

    I need help for Linux DNS on which I can enable security for my organisation.
    Hope I will be able to do below mentioned (# 3 & # 4) through Linux DNS.
    LINUX DNS server is in Cisco Firewall DMZ zone.

    I have four queries:

    1. Linux DNS should be able to resolve DNS queries for the internet. (I can do this.)

    2. Linux DNS should send resolution of my domain, zone hosted on server. (I can do this.)

    3. Any other query for any domain other than my domain should not be resolved.

    4. Should reply queries from authoritative server for domain should be resolved.


    Thanks in Advance

  2. #2
    Just Joined! wildpossum's Avatar
    Join Date
    Apr 2008
    Firstly I am not a DNS experienced person but generally;

    A> You need to ensure that the /etc/resolv.conf file in each end-point machine has the correct domainname, domainsearchnames within. Usually your DHCP service would set these up, as I am sure our organisation has done so already.

    B> If I understand your point 3, you don't want any other domain to be resolved? The main point of DNS is to resolve domains somewhere along the path, so unless you want to hide an owned domain within your organisation (I couldn't see why) why would you want to you would do it this way? Simply don't add it to your DNS service.

    C> Your point 4 should not be a problem, but you need to read up on the HOW-TO. I strongly suggest you do a Google search on Linux DNS HOWTO and go from there.


  3. #3
    Hi Grahame,

    Thanks for your input.

    Regarding points #3 & #4, I will clarify more:

    I don't want to hide my domain inside my organisation. I need to block domains other than my domain from the internet. In simple words, any internet user should not use my DNS IP address for resolving domains other than my domain.

    Hope it will clarify why I need point #3 on Linux DNS.

    If you could please suggest a design for Linux DNS then it would be great, because I have placed the DNS in the Cisco PIX DMZ and static NAT the DMZ IP with a public IP address.


  4. #4
    You can use VIEW in named.conf

    view "<view-name>" Creates special views depending upon the host contacting to the nameserver. This allows some hosts to receive one answer regarding a particular zone while other hosts receive totally different information. Alternatively, certain zones may only be made available to particular trusted hosts while non-trusted hosts can only make queries for other zones.
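
A split-view `named.conf` along the lines suggested in the last reply, covering the four points of the original question. This is an added example, not configuration posted by anyone in the thread; `example.com`, the `10.0.0.0/8` range and the file paths are placeholders.

```conf
// Constructed example: example.com, the 10.0.0.0/8 range and the file
// paths are placeholders, not values from the thread.
acl "internal" { 127.0.0.1; 10.0.0.0/8; };   // assumed inside networks

options {
    directory "/var/named";
    // No global recursion setting: each view decides for itself.
};

// Views are tested in order and the first match wins, so the trusted
// view must come before the catch-all one. Once any view is defined,
// every zone has to live inside a view.
view "internal" {
    match-clients { "internal"; };
    recursion yes;                    // point 1: resolve Internet names
    allow-recursion { "internal"; };

    zone "example.com" {              // point 2: the organisation's own zone
        type master;
        file "zones/db.example.com";
    };
};

view "external" {
    match-clients { any; };           // everyone else, i.e. Internet clients
    recursion no;                     // point 3: never resolve for outsiders
    allow-query-cache { none; };      // and never answer them from the cache

    zone "example.com" {              // point 4: authoritative answers only
        type master;
        file "zones/db.example.com";
    };
};
```

`match-clients` is evaluated against the source address as the DNS server sees it, so the `internal` ACL must list inside clients as they appear after any translation on the firewall. `named-checkconf` will validate the file before `named` is reloaded.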
