Roland Dobbins wrote:
But even more than that, putting your public-facing DNS (or any other kind of server) behind a firewall is a very serious architectural mistake; firewalls in front of public-facing servers provide no security value whatsoever, and degrade the overall security posture due to the issues denoted above.
Roland,
This seems to imply that the servers would need a second interface for management, with static routes over-riding the default? Is this your preferred approach?
Sam _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
