[c-nsp] DNS rewrite & global capabilities

[Sam Stickland]

Roland Dobbins wrote:
> But even more than that, putting your public-facing DNS (or any other 
> kind of server) behind a firewall is a very serious architectural 
> mistake; firewalls in front of public-facing servers provide no 
> security value whatsoever, and degrade the overall security posture 
> due to the issues denoted above.
Roland,

This seems to imply that the servers would need a second interface for 
management, with static routes over-riding the default? Is this your 
preferred approach?

Sam