[prev in list] [next in list] [prev in thread] [next in thread] 

List:       namedroppers
Subject:    Re: We need help configuring our domain.
From:       JLarson.pa () Xerox ! COM
Date:       1988-02-10 2:27:09
[Download RAW message or body]

	My understanding of the domain RFCs is that SPAR cannot have a different
	view of SLB.COM than the outside world does since hosts are supposed to
	start at the root to find SDR.SLB.COM. If I'm wrong here, how do we
	splice a subtree from another domain system into our view of the
	nternet domain system.  
	

If you controlled the SLB.COM domain name servers rather than CSNET, there may
be a way to deal with this problem.  (Your servers could just have an MX record
for SDR.SLB.COM pointing at Relay.CS.NET to support the phonenet connection.)

As far as I can tell, there is nothing in the domain RFCs which would preclude a
SLB.COM name server from presenting a different view depending on whether a
query originated at an internal or external host (access control on queries).
Unfortunately most domain name server implementations do not provide this kind
of access control.  Rumor has it that some group at BBN has a version of Bind
which does (if so, I would like to get in touch with them), but it doesn't seem
like it would be too difficult to modify Bind to do this.  

As it turns out, we have a similar problem here at PARC.  I'm currently
attempting to build an access control system which will open authorized
time-limited access windows between certain internal workstations and external
hosts.  I would like local Internet accessible domain servers to only answer
external queries required for authorized external communication.  

John

[prev in list] [next in list] [prev in thread] [next in thread]