


Ok, I will elaborate on needing an internal DNS for private IPs.

The external ip address of your www server is 65.65.65.65.  The internal
address is 10.10.10.10.

So, you make two entries in your public DNS.

When there are two entries for the same host name, it is relatively random
which ip address you will use.  So 50% of the time the public will not get
to your site because they are getting an invalid ip address (10.10.10.10).

Second, say the person querying the address is also in a private network
with a 10.10.10.x designation.  They will get screwy results because their
routing will keep them internal.

Finally, yes, security is a big factor.  Say someone hacks your firewall.
Now they have a complete server ip layout of your private network on a
public DNS.

Do not let your private records be publicly accessible.

I don't see any issue with running DNS on a mail server.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
----- Original Message -----
From: "John Ross" <jross-ml@netshare400.com>
To: <midrange-l@midrange.com>
Sent: Wednesday, July 31, 2002 11:48 AM
Subject: Re: Setting UP DNS


> Why? A private IP address should be returned from a DNS query in the
> answer. I know Internet routers are not supposed to forward traffic to
> private IP addresses, but the private IP is in the answer. And then once
> you get that you are on your internal network. Or is it because most DNS let
> you look at the zone file with NSLOOKUP or DIG and then a hacker can get a
> pretty good idea of how your network is set up and IP addresses.
>
> We really need to start saying why to do something and why not to, I know
> it adds to the time to answer a post but it will help educate others. And
> if a why is not included then the person asking the question should ask
> why. And it may help the person answering the question learn something
> new. Like my reasoning to do or not do something may be wrong and someone
> can say that is not correct. Like my reasoning to put DNS on a mail server,
> that may or may not be correct any more someone else told me that, I have
> no real experience with the speed of DNS on the mail server versus a
> second machine just doing DNS. Is there a point where you are better off
> leaving the mail server do mail stuff and DNS to DNS stuff. With stuff
> changing every week reasons probably change also. Like with 1 gig networks
> now does having a DNS and a separate email server make more sense, at what
> volume of email or speed of network does it. Or does the email server wait
> for the response from the DNS server before it moves on anyway. What I am
> trying to say is the more knowledge you have the better decision you
> should be able to make.
>
> A person needs to understand DNS before they just put it on the AS/400 or
> any computer.  Do you want email down when the AS/400 is down? But my
> AS/400 is not the mail server? But the DNS tells it where to deliver mail.
> So set up a secondary DNS server, or have your ISP be the secondary.
> Problem solved. You have to understand that any place you convert a
> computer name to an IP address will be affected if your one and only DNS
> server is down, like file shares.
>
> Or you may want to make your AS/400 a cache DNS, because it is your mail
> server and you send email to the same people over and over. And this
> should cut down on bandwidth for DNS requests. More overhead on the AS/400.
>
> Sorry for ranting, but this thread has me fired up. We have him setting
> up DNS without even finding out what the problem was.
>
> John Ross
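
An added example, not part of the original thread: a pre-publication check for a public zone that flags RFC 1918 addresses (the layout exposure discussed above) and names that answer with both public and private addresses (the case where some outside clients get an unreachable address). The zone text, `example.com`, the `mail` and `fileserv` names and `65.65.65.66` are constructed for illustration; only the two `www` addresses come from the message.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 private ranges; these must never appear in a public zone.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone. www uses the two addresses from the post;
# example.com, mail, fileserv and 65.65.65.66 are made up for illustration.
SAMPLE_ZONE = """\
$ORIGIN example.com.
www       IN A 65.65.65.65
          IN A 10.10.10.10   ; internal address published by mistake
mail      IN A 65.65.65.66
fileserv  3600 IN A 10.10.10.20
"""

def parse_a_records(zone_text):
    """Return {owner: [IPv4Address, ...]} for A records in simple zone text."""
    records, owner = defaultdict(list), None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]              # drop comments
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue                              # blank line or directive
        if not line[0].isspace():
            owner = fields[0]                     # else: inherit previous owner
        if owner and len(fields) >= 2 and fields[-2].upper() == "A":
            records[owner].append(ipaddress.IPv4Address(fields[-1]))
    return dict(records)

def audit_public_zone(zone_text):
    """Return (leaked, mixed).

    leaked: {name: [private addresses]} that expose the internal layout.
    mixed:  names answering with both public and private addresses, so some
            outside clients are handed an address they cannot reach.
    """
    leaked, mixed = {}, []
    for name, addrs in parse_a_records(zone_text).items():
        private = [str(a) for a in addrs if any(a in net for net in RFC1918)]
        if private:
            leaked[name] = private
            if len(private) < len(addrs):
                mixed.append(name)
    return leaked, sorted(mixed)

if __name__ == "__main__":
    leaked, mixed = audit_public_zone(SAMPLE_ZONE)
    print("private addresses in public zone:", leaked)
    print("names mixing public and private answers:", mixed)
```

Anything reported in `leaked` belongs in the internal DNS only; the public zone should carry just the external address for each name.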





