Domain Name Service (DNS) and Gauntlet
139
Domain Name Service (DNS) and Gauntlet
When you join the Internet, you must participate in the Internet-wide DNS hierarchy (the
name service used on the Internet). There are several popular methods of deploying your
site’s DNS information on the Internet: some sites have their service provider serve the
information for them, while others run a local DNS server.
For sites that choose to run their own DNS server, there are two common firewall
configurations. One involves running two DNS servers, an internal and an external
server. This is often referred to as a split-DNS or dual-DNS configuration. The other
configuration involves running a fully-populated DNS server on the external host. In
either case, the Gauntlet host is commonly chosen to run a DNS server, either as the
external member of a dual-DNS configuration, or as the single DNS server for the site.
DNS should be configured to provide the addresses that other sites need to contact you.
This might include the address of your router, your firewall host, and any other hosts that
must communicate with others. In the case of a simple firewall composed of a
dual-homed host, the dual-homed host would be the DNS server that provides the
address of the Internet side of its network connection (192.132.122 in Figure 17-9). In the
case of a screened subnet, the DNS server could be any of the “public” hosts in the
subnet, and it could provide addresses for all of these hosts and the router.
You should also set up the DNS Mail eXchanger (MX) record to advertise the name of the
host(s) responsible for mail at your site. This might be the firewall host or some other
host. Do not publish internal hostnames and addresses on the firewall host. If you have
a single firewall host performing multiple services, say FTP and WWW serving, use
CNAME records to “alias” the services to the hostname. This makes it easy to move these
services to different hosts if you want to separate them later.
Configuring DNS is a task that is very difficult to automate reliably because DNS
configurations vary widely among different sites. The purpose of the DNS configuration
tools included with the Gauntlet firewall is to give the administrator a quick means of
setting up a basic, working DNS. More advanced DNS management requires careful
administrator attention and familiarity with the DNS software.
Gauntlet uses the Silicon Graphics example DNS configuration files to configure DNS for
your firewall. If you are not sure how to fill in the DNS configuration form, refer to the
chapter on “The BIND Name Server” in the IRIX Admin: Networking and Mail.
Содержание Gauntlet
Страница 1: ...Gauntlet for IRIX Administrator s Guide Document Number 007 2826 004 ...
Страница 16: ......
Страница 26: ......
Страница 27: ...PART ONE Understanding the Gauntlet Internet Firewall I ...
Страница 28: ......
Страница 43: ...PART TWO Configuring and Using Proxies II ...
Страница 44: ......
Страница 50: ......
Страница 56: ......
Страница 64: ......
Страница 72: ......
Страница 94: ......
Страница 109: ...PART THREE Administering General Gauntlet Firewall Services III ...
Страница 110: ......
Страница 140: ......
Страница 146: ...120 Chapter 17 The Graphical Management Interface Figure 17 3 Gauntlet Introductory Management Form 1 of 3 ...
Страница 147: ...Introductory Management Form 121 Figure 17 4 Gauntlet Introductory Management Form 2 of 3 ...
Страница 148: ...122 Chapter 17 The Graphical Management Interface Figure 17 5 Gauntlet Introductory Management Form 3 of 3 ...
Страница 150: ...124 Chapter 17 The Graphical Management Interface Figure 17 6 Networks and Interfaces Configuration Form 1 of 2 ...
Страница 151: ...Networks and Interfaces Configuration Form 125 Figure 17 7 Networks and Interfaces Configuration Form 2 of 2 ...
Страница 155: ...Routing Configuration Form 129 Figure 17 8 Routing Configuration Form ...
Страница 162: ...136 Chapter 17 The Graphical Management Interface Figure 17 10 Proxy Servers Configuration Form 1 of 3 ...
Страница 163: ...Proxy Servers Configuration Form 137 Figure 17 11 Proxy Servers Configuration Form 2 of 3 ...
Страница 164: ...138 Chapter 17 The Graphical Management Interface Figure 17 12 Proxy Servers Configuration Form 3 of 3 ...
Страница 170: ...144 Chapter 17 The Graphical Management Interface Figure 17 13 DNS Configuration Form 1 of 2 ...
Страница 171: ...DNS Configuration Form 145 Figure 17 14 DNS Configuration Form 2 of 2 ...
Страница 177: ...Sendmail on Gauntlet Servers 151 Figure 17 15 Sendmail Configuration Form ...
Страница 187: ...Logfiles and Reports Configuration Form 161 Figure 17 20 Reports and Logfiles Form 1 of 2 ...
Страница 191: ...Authorizing Users Form 165 Figure 17 22 Authorizing Users Form ...
Страница 192: ...166 Chapter 17 The Graphical Management Interface Figure 17 23 Add User Form ...
Страница 214: ......
Страница 232: ......
Страница 233: ...Appendixes IV ...
Страница 234: ......
Страница 294: ......
Страница 305: ......