in the case of a firewall. Most systems have a firewall. Although firewalls have been gradually overshadowed by the prevalence of anti-virus software, they still have a role to play. How should DNS be set up when a firewall is in use, so that the system runs better?
Some organizations want to hide their DNS names from the outside world. Many experts believe that hiding DNS names is of little value, but if site or corporate policy mandates hiding domain names, the method described here is a known and workable approach. Another reason you may have to hide domain names is if you have a non-standard addressing scheme on your internal network. Don't fool yourself into thinking that hiding your DNS names will slow an attacker down much once they have broken through your firewall. Information about your network is easily obtained from the network layer. If you want to confirm this, "ping" the subnet broadcast address on your LAN and then run "arp -a". Note also that hiding names in the DNS does not solve the problem of host names "leaking" out in mail headers, news articles, and the like.
This method is one of many that are useful for organizations that want to hide their host names from the Internet. Its success depends on the fact that the DNS client on a machine does not have to talk to a DNS server on the same machine. In other words, just because there is a DNS server on a machine, there is nothing wrong with (and there are often advantages to) redirecting that machine's DNS client activity to a DNS server on another machine.
First, set up a DNS server on the bastion host, which the outside world can talk to. Configure this server so that it claims to be authoritative for your domain. In fact, all this server knows is what you want the outside world to know: the name and address of your gateway, your wildcard MX record, and so on. This server is the "public" server.
Then, set up a DNS server on an internal machine. This server also claims to be authoritative for your domain; unlike the public server, this one is telling the truth. It is your "normal" name server, and you put all your "normal" DNS names into it. Configure this server to forward queries that it cannot resolve to the public server (for example, using a "forwarders" line in /etc/named.boot on a Unix machine).
Finally, set up all your DNS clients (for example, through the /etc/resolv.conf file on a Unix machine) to use the internal server, including the DNS client on the same machine as the public server. This is the key.
An internal client asking about an internal host queries the internal server and gets an answer. An internal client asking about an external host queries the internal server, which queries the public server, which in turn queries the Internet, and the answer is passed back step by step. A client on the public server works the same way. An external client asking about an internal host, however, gets only the "restricted" answer from the public server.
This approach assumes that there is a packet filtering firewall between the two servers that allows them to pass DNS traffic to each other, but otherwise restricts DNS between other hosts.
Another useful technique in this scheme is to use wildcard PTR records in your IN-ADDR.ARPA domains. These cause an "address-to-name" lookup for any non-public host to return something like "unknown.YOUR.DOMAIN" instead of an error. This satisfies anonymous FTP sites such as ftp.uu.net, which insist on having a name for the machines they talk to. The method does not work when communicating with sites that perform a DNS cross-check, in which the host name is matched against its address and the address is matched against the host name.
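The lookup paths described above and the wildcard PTR cross-check failure, modelled as an added example (not part of the original article). The `Server` class, the example.com names, the 192.0.2.0/24 addresses and the single `internet` server standing in for the rest of the DNS are all assumptions made for illustration.

```python
# Constructed model: example.com, 192.0.2.0/24 and all records are placeholders.
class Server:
    """Tiny name server: local records, authoritative zones, one forwarder."""
    def __init__(self, records, zones=(), forwarder=None):
        self.records, self.zones, self.forwarder = records, zones, forwarder

    def query(self, name, rrtype):
        name = name.lower()
        # Exact match first, then a wildcard replacing the leftmost label
        # (simplified: real DNS wildcards can cover several labels).
        for candidate in (name, "*." + name.split(".", 1)[-1]):
            if (candidate, rrtype) in self.records:
                return self.records[(candidate, rrtype)]
        authoritative = any(name == z or name.endswith("." + z) for z in self.zones)
        if self.forwarder is not None and not authoritative:
            return self.forwarder.query(name, rrtype)  # pass the question on
        return None  # no such record

def reverse_name(ip):
    """192.0.2.20 -> 20.2.0.192.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def cross_check(ip, resolver):
    """Address -> name -> address check, as a strict remote site performs it."""
    host = resolver.query(reverse_name(ip), "PTR")
    return host is not None and resolver.query(host, "A") == ip

ZONES = ("example.com", "2.0.192.in-addr.arpa")
internet = Server({("ftp.example.net", "A"): "198.51.100.7"})
public = Server({  # only what the outside world may know
    ("gateway.example.com", "A"): "192.0.2.1",
    ("*.example.com", "MX"): "gateway.example.com",
    ("1.2.0.192.in-addr.arpa", "PTR"): "gateway.example.com",
    ("*.2.0.192.in-addr.arpa", "PTR"): "unknown.example.com",
}, ZONES, forwarder=internet)
internal = Server({  # the real zone data; every client points here
    ("gateway.example.com", "A"): "192.0.2.1",
    ("db1.example.com", "A"): "192.0.2.20",
    ("1.2.0.192.in-addr.arpa", "PTR"): "gateway.example.com",
    ("20.2.0.192.in-addr.arpa", "PTR"): "db1.example.com",
}, ZONES, forwarder=public)

if __name__ == "__main__":
    print(internal.query("db1.example.com", "A"))   # internal client, internal host
    print(internal.query("ftp.example.net", "A"))   # internal -> public -> Internet
    print(public.query("db1.example.com", "A"))     # external client: name hidden
    print(cross_check("192.0.2.20", public))        # wildcard PTR fails cross-check
```

The wildcard PTR gives the hidden host a name, but that name has no address record on the public server, which is why a cross-checking site rejects it while the gateway still passes.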
Configuring DNS is not as simple as one might expect, so it has to be done meticulously and with attention to detail. Check your work carefully as you go, so that a mistake does not force you to start all over again.