[c-nsp] Best practice to put a DNS server at same lan segment as
main internet gateway
nevot
r.nevot at gmail.com
Wed Jun 22 15:07:53 EDT 2005
can you explain this?
2005/6/22, Gert Doering <gert at greenie.muc.de>:
> Hi,
>
> On Tue, Jun 21, 2005 at 04:54:58PM -0400, cisco at confluence.com wrote:
> > What ever happened to having a server that is not only hardened at the OS
> > level, but also on a DMZ with publicly reachable (non-NATed) address space
> > that is behind a stateful firewall?
>
> A *stateful* firewall for *DNS* is asking for trouble.
>
> OTOH, nothing wrong with adding a packet filter in front of the
> (adequately hardened) machine.
>
> gert
>
> --
> Gert Doering
> Mobile communications ... right now writing from * back @ home *
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list