9.1.3. Procedure – Setting up split-DNS configuration
Setting up a split DNS service is useful in networks where both external and internal name resolution is performed using the same DNS server – in this case the PNS firewall. Since hiding the internal namespace from external visitors is a basic security requirement, you have to set up the DNS service in a way that it does not resolve internal names for external resolvers. In other words, for all DNS zones stored on the server you have to specify which networks can query for records in the given zone.
Add the Text Editor component.
Select the template. Two skeleton files are created, a named.conf and a named.conf.shared.
The named.conf.shared file holds records and configuration settings that are shared between external and internal name resolution operations, while named.conf has options to specify internal and external networks (internalips and externalips). These networks can then be referenced in db.domainname file(s) to specify which networks can have access to what records.
For more information on split-dns configuration and DNS configuration in general, see Appendix B, Further readings.
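As an added illustration (not the contents of the PNS template and not BalaSys's own configuration), the following named.conf sketch in BIND 9 syntax shows one common way to implement the split with views, using the internalips and externalips network names mentioned above. The address ranges, the example.com zone and the zone file names are constructed placeholders.

```conf
// Constructed example: replace the ranges with your own networks.
acl internalips {
    127.0.0.1;
    10.0.0.0/8;          // assumed internal range
};

// Everything that is not internal counts as external.
acl externalips {
    !internalips;
    any;
};

// Views are evaluated in order and the first match wins,
// so the internal view must come before the external one.
view "internal" {
    match-clients { internalips; };
    recursion yes;                    // internal clients may resolve any name
    allow-transfer { none; };         // loosen only for known secondaries

    zone "example.com" {
        type master;
        file "db.example.com.internal";   // full namespace, internal hosts included
    };
};

view "external" {
    match-clients { externalips; };
    recursion no;                     // authoritative answers only, no open resolver
    allow-transfer { none; };

    zone "example.com" {
        type master;
        file "db.example.com.external";   // public records only
    };
};
```

To confirm the split, query an internal-only name once from an address in internalips and once from outside: the internal query should return the record, while the external query should return NXDOMAIN.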
© 2021 BalaSys IT Security.