-----Original Message-----
From: David Watson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 24, 1999 12:42 PM
To: Firewalls List (E-mail)
Subject: FW: DNS ..where to put..DMZ or ...I'm new with Fire Wall security. My superior seems to know more about it. but after this message I have my doubts.
Can anyone help?
-----Original Message-----
From: XXXXXXXXX
Sent: Tuesday, August 24, 1999 9:01 AM
To: David Watson
Subject: RE: DNS ..where to put..DMZ or ...
My suggestion would be to have PCI's DNS point to things that are going to be in the DMZ (ftp and www). Then pointers for everything else should be in a DNS behind the firewall. Also, we should have NAT and/or a proxy in or behind the firewall/router. Finally, all the internal IP addresses should be private (numbers that cannot be forwarded on the Internet) such as the 90.0.0.0 to .255 range with a 255.255.255.0 subnet.
-----Original Message-----
From: David Watson
Sent: Monday, August 23, 1999 6:35 PM
To: Eric Ford
Subject: FW: DNS ..where to put..DMZ or ...Eric I'll forward the replies if you would like
-----Original Message-----
From: Tally [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 23, 1999 4:52 PM
Subject: DNS ..where to put..DMZ or ...
This question has been asked n number of times on
this list. but after searching through the archives
it has confused us more as there are numerous
threads and its difficult to follow multiple
threadsI N T E R N E T
|
Firewall---Webserver(aka dmz)
|
Internal NetworkA typical set up. The internal network has its own
"internal" DNS but the hosts have 10.x.x.x
addresses.
now the question. where do I place the DNS server.
what if I place it on the same host as Webserver on
the DMZ. This DNS server would be the name server
for the domain hosted by the firewall... correct..
?and next , is there a way so that sitting on the
web server one could access hosts in the internal
network by name... how can this be achieved... ?
this is the hard part.thanks and please email me
tally
Title: FW: DNS ..where to put..DMZ or ...
I'm
not certain what PCI's stands for, but everything else seems to be on
point. I think he erred on non-routable IP addresses. RFC 1918
specifies the following addresses,
10.0.0.0-10.255.255.255
172.16.0.0-172.31.255.255
192.168.0.0-192.168.255.255
Subnet
these as you like.
90.0.0.0 may not be routable - I don't know. I do
know it isn't the class A address I've used, and I do know it isn't the subnet
specified in RFC1918.
BTW if
you didn't want us to know his name was Eric Ford, maybe you should have taken
that out everywhere it appears. :)
- DNS ..where to put..DMZ or ... Tally
- RE: DNS ..where to put..DMZ or ... Burgess, Jeff
- FW: DNS ..where to put..DMZ or ... David Watson
- Re: FW: DNS ..where to put..DMZ or ... Dave Gillett
- Re: FW: DNS ..where to put..DMZ or ... W Joel Gridley
- RE: DNS ..where to put..DMZ or ... Sweeney, Patrick
- RE: DNS ..where to put..DMZ or ... Myllym�ki Sakari
- RE: FW: DNS ..where to put..DMZ or ... Evandro Braz
- RE: FW: DNS ..where to put..DMZ or ... David Watson
- RE: FW: DNS ..where to put..DMZ or ... Smith, Lars
- Re: FW: DNS ..where to put..DMZ or ... eric
- RE: FW: DNS ..where to put..DMZ or ... Ron DuFresne
