When I setup my current DNS ~2 years ago I set it up with both the
"primary" and "secondary" DNS machines (as far as the internic was
concerned) really acting as secondaries from an internal primary. I am
currently be asked to defend my aratecture and cannot remember where I got
the idea to do this. (the basic idea being that if someone corrupts what
they think is my primary machine it gets cleared with the next update,
rather then propogating the problem to the secondary) Can anyone give me
comments on if this is still a good idea?
One of the problems is that in order to update from the primary the
secondary machines have to talk to the inside of my network to reach the
real primary.
David Lang
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
