Says it all really.
I'm setting up a proxy-based firewall, and am tossing up between only
allowing the DMZ hosts to have access to Internet DNS servers, or allowing
the internal DNS servers to forward to the DMZ DNS server. The latter would
then allow internal users to look up Internet hosts - even though they
couldn't then connect to them.
I have my reasons for wanting the latter, but am concerned that I may be
compromising some security in the process. I can't think of anything myself...
So the million dollar question is: does allowing internal hosts to do DNS
lookups compromise anything?
--
Cheers
Jason Haar
Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417