[c-nsp] Best practice to put a DNS server at same lan segment as
main internet gateway
Gert Doering
gert at greenie.muc.de
Tue Jun 21 18:42:04 EDT 2005
Hi,
On Tue, Jun 21, 2005 at 04:54:58PM -0400, cisco at confluence.com wrote:
> What ever happened to having a server that is not only hardened at the OS
> level, but also on a DMZ with publicly reachable (non-NATed) address space
> that is behind a stateful firewall?
A *stateful* firewall for *DNS* is asking for trouble.
OTOH, nothing wrong with adding a packet filter in front of the
(adequately hardened) machine.
gert
--
Gert Doering
Mobile communications ... right now writing from * back @ home *
More information about the cisco-nsp
mailing list