回复: [c-nsp] Best practice to put a DNS server at same lan segment as main internet gateway
Joe Shen
sj_hznm at yahoo.com.cn
Wed Jun 22 05:20:53 EDT 2005
it's to your sitution.
if your server is to provide public server & have a
lot of traffic, any firewall may become a possible
bottleneck of service; if that's only a authoritative
server for your domain, it could be put behind
firewall.
anyway, I suggest you to read cricket liu's article
for useful hints.
Joe
--- Kim Onnel <karim.adel at gmail.com>写道:
> Hi,
>
> I must put 2 servers at the same LAN segment where
> the internet gateway is,
> i have a 506 PIX and the servers are supposed to be
> tight, but still i feel
> that its dangerous to do that.
>
> if i understand correctly, i will give the DNS
> server a private IP and let
> it PAT through the PIX to the DNS ports, for added
> security, i've placed it
> on a different switch.
>
> Any suggestions ideas, is there recommended
> configurations on PIX in this
> case ?
>
> Regards
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at
> http://puck.nether.net/pipermail/cisco-nsp/
>
___________________________________________________________
雅虎免费G邮箱-中国第一绝无垃圾邮件骚扰超大邮箱
http://cn.mail.yahoo.com/?id=77071
More information about the cisco-nsp
mailing list