> -----Original Message-----
> From: Bennett Samowich [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, January 07, 2000 8:42 AM
> To: Firewalls
> Subject: Who provides DNS for the perimeter?
>
> Greetings,
>
> I have set up a perimeter network with a "fake" DNS server as described in
> "Building Internet Firewalls". My question is this:
>
> Where should a perimeter server (mail/web/other) get its DNS?
>
> My thought is this:
> If the server uses the internal DNS, a compromised server then knows
> the internal topology. Not to mention the possibility of exploits into
> the internal network.
>
> If the server uses the "fake" DNS then it knows nothing of the internal
> addresses. This may or may not be a problem, but that is how I came to
> this question.
>
[Einhorn, Drew] As you observed, this may not be a problem. If it
is a problem on your network, you can probably get around it with a couple
of entries in a perimeter host's host table.
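A check a defender could run over a perimeter host's resolver configuration and host table, as an added example that is not part of the original thread: it flags any resolver inside the internal range and any internal host-table entry beyond the few the host needs. The addresses, names, file contents and the `audit` function are all constructed for illustration.

```python
import ipaddress

# Constructed sample files for a hypothetical perimeter mail relay.
RESOLV_CONF = """\
# perimeter "fake" DNS server, plus a leftover internal resolver
nameserver 192.0.2.53
nameserver 10.1.1.53
"""
HOSTS = """\
127.0.0.1   localhost
192.0.2.25  relay.example.com relay
10.1.2.25   mailhub.corp.example.com mailhub   # internal mail hub
10.1.2.80   intranet.corp.example.com
"""

def _fields(line):
    # Drop trailing comments and split on whitespace.
    return line.split("#", 1)[0].split()

def parse_resolvers(text):
    return [ipaddress.ip_address(f[1]) for f in map(_fields, text.splitlines())
            if len(f) >= 2 and f[0] == "nameserver"]

def parse_hosts(text):
    return [(ipaddress.ip_address(f[0]), f[1:])
            for f in map(_fields, text.splitlines()) if len(f) >= 2]

def audit(resolv_text, hosts_text, perimeter_dns, internal_nets, allowed_names):
    """Return (finding, detail) tuples for a perimeter host's name resolution."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    is_internal = lambda ip: any(ip in n for n in nets)
    allowed_dns = {ipaddress.ip_address(a) for a in perimeter_dns}
    findings = []
    for ip in parse_resolvers(resolv_text):
        if is_internal(ip):
            # Host can query internal DNS, so a compromise exposes the topology.
            findings.append(("internal-resolver", str(ip)))
        elif ip not in allowed_dns:
            findings.append(("unexpected-resolver", str(ip)))
    for ip, names in parse_hosts(hosts_text):
        # Internal addresses are acceptable only for the few names the host needs.
        if is_internal(ip) and not set(names) & set(allowed_names):
            findings.append(("extra-internal-host", f"{ip} {names[0]}"))
    return findings

if __name__ == "__main__":
    for finding in audit(RESOLV_CONF, HOSTS, ["192.0.2.53"], ["10.0.0.0/8"],
                         ["mailhub.corp.example.com"]):
        print(*finding)
```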