[c-nsp] Best practice to put a DNS server at same lan segment
as main internet gateway
Randy Bush
randy at psg.com
Wed Jun 22 04:28:57 EDT 2005
> What ever happened to having a server that is not only hardened at the OS
> level, but also on a DMZ with publicly reachable (non-NATed) address space
> that is behind a stateful firewall?
the complexity produced too many problems and smart folk stopped
doing that.
if the server only runs a very restricted set of services, what is
the job of the firewall other than to add another kinky set of things
to go wrong?
randy
More information about the cisco-nsp
mailing list