have 3 NICs on the firewall (CP2000 SP3 on Solaris) - for DMZ, LAN, and
Public.
My DNS server resides on LAN network (not on DMZ). This DNS server acts as a
forwarder to the DNS servers on the ISP site.
I want to secure DNS communications but I'm not sure what is the way to set
it up...
First scenario:
ANY > Internal_DNS > domain-udp > Accept
Internal_DNS > ANY > domain-udp > Accept
1. Is it a correct way to secure DNS communication or is there anything else
that must be done?
2. Should I replace ANY with DNS addresses of ISP servers, thus restricting
DNS communications to communications between my DNS and ISP's DNS server?
3. Should I include domain-tcp also to be able to perform zone transfers
between my DNS and ISP's?