On 4 Dec 2001, at 10:39, Rick Brown wrote:

> This is a little off topic but I thought you guys would be the
> ones to ask. I only have a mail server and a web server (for
> web-based email access) in my DMZ. Do I have to have a DNS server
> in the DMZ or can I just use my ISP's DNS? I have an internal DNS
> server(s). What are the drawbacks to using my ISP's DNS? I won't
> need to make very many DNS changes in the future so I'm not
> concerned with how long it takes to make a DNS update. I know the
> other way to go would be a split-DNS setup. Any help/advice would
> be greatly appreciated. Thanks.

Who would use this DNS?

1. Local internals -- they can use the internal DNS, which probably
   lists internal private machines that you don't want publicly listed
   anyway.

2. The DMZ servers -- your web server, for instance, might need to
   find an internal back-end database server. If you're not comfortable
   letting them use the internal DNS server, give them a hosts file
   that just lists what they need.

3. Outsiders trying to find your DMZ servers -- if your ISP will host
   DNS for you, that's one less thing you need to manage locally.

Seems like a no-brainer to me. Is there some scenario I've overlooked?

DG

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
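
Added example, not part of the original thread: a check that the zone handed to the ISP lists only the DMZ servers and no RFC 1918 addresses, next to a parse of the minimal hosts file a DMZ server would carry. The zone contents, the hosts file, the names under example.com and all function names are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a zone the ISP would serve to outsiders.
PUBLIC_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@      IN MX 10 mail.example.com.
mail   IN A   192.0.2.25
www    IN A   192.0.2.80
db     IN A   10.1.2.30        ; internal back-end, does not belong here
intra  3600 IN A 192.168.5.10
"""

# Constructed hosts file for the DMZ web server: only what it needs.
DMZ_HOSTS = """\
127.0.0.1   localhost
10.1.2.30   db.example.com db   # back-end database
"""

def is_internal(text):
    """True if text is an address inside RFC 1918 private space."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)

def leaked_internal_records(zone_text):
    """Return (owner, address) for A records that expose private addresses."""
    leaks = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if "A" in fields[1:-1]:                  # owner [ttl] [class] A addr
            addr = fields[fields.index("A", 1) + 1]
            if is_internal(addr):
                leaks.append((fields[0], addr))
    return leaks

def hosts_view(hosts_text):
    """Map each internal name a DMZ host can resolve from its hosts file."""
    view = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and is_internal(fields[0]):
            view.update({name: fields[0] for name in fields[1:]})
    return view

if __name__ == "__main__":
    for owner, addr in leaked_internal_records(PUBLIC_ZONE):
        print(f"public zone exposes internal host: {owner} -> {addr}")
    print("internal names visible from the DMZ host:", hosts_view(DMZ_HOSTS))
```

The hosts-file view is also the list of internal names an intruder on that DMZ server would learn, which is why it should stay as short as the server's job allows.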
