North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: address spoofing
>If BIND could be modified to deliver different results depending on the >source of the request, or it's interface, then it might become easy for >people to setup DNS to avoid this. not running a current bind, eh? :P the 8.x.x series bind dynamically picks up and drops interfaces as they appear and disappear, and can be told on which interfaces to listen. so...you can actually have a publicly available, non-recursive name server to answer the queries for the zones for which you need to be authoritative on the interface(s) to which those zones are delegated. then, you can have (if you want) another bind listening on other interfaces for other stuff. like the "internal dns" server that you mentioned. or maybe a recursive, caching-only server that listens only on 127.0.0.1. of course...they can speak to each other if need be. :) -- |-----< "CODE WARRIOR" >-----| [email protected] * "ah! i see you have the internet [email protected] (Andrew Brown) that goes *ping*!" [email protected] * "information is power -- share the wealth."