DNS and Internet Firewalls

The Domain Name System wasn’t designed to work with Internet firewalls. It’s a testimony to the flexibility of DNS that you can configure DNS to work with, or even through, an Internet firewall.

That said, configuring the Microsoft DNS Server to work in a firewalled environment, although not difficult, takes a good, complete understanding of DNS. Describing it also requires a large portion of this chapter, so here’s a roadmap.

We start by describing the two major families of Internet firewall software: packet filters and application gateways. The capabilities of each family have a bearing on how you’ll need to configure your DNS servers to work through the firewall. The next section details the two most common DNS architectures used with firewalls (forwarders and internal roots) and describes the advantages and disadvantages of each. Finally, we discuss split namespaces and the configuration of the bastion host, the host at the core of your firewall system.
