[c-nsp] Best practice to put a DNS server at same lan segment as
main internet gateway
Randy Bush
randy at psg.com
Tue Jun 21 10:39:31 EDT 2005
> I must put 2 servers at the same LAN segment where the internet gateway is,
> i have a 506 PIX and the servers are supposed to be tight, but still i feel
> that its dangerous to do that.
>
> if i understand correctly, i will give the DNS server a private IP and let
> it PAT through the PIX to the DNS ports, for added security, i've placed it
> on a different switch.
>
> Any suggestions ideas, is there recommended configurations on PIX in this
> case ?
yes, removal.
put the server on the public network. complexity is the path to failure.
randy
More information about the cisco-nsp
mailing list