On Fri, Mar 22, 2002 at 02:38:43PM -0500, Brian Guild wrote:
> What are the advantages of setting up a DNS server on a DMZ network of the
> firewall? Why can't I set up a statement which allows me to run the DNS
> server from an "inside" interface?

DNS service is very well known for being vulnerable. If an attacker finds yet another bug in the DNS server, he not only has root on your DNS server, but can start to exploit the internal network from there. Besides that, you normally have 2 zones: an internal one with all systems and an external one which only consists of externally visible systems and settings. Since the DMZ is used for all servers for the same reason, you may want to read a book about the function of the DMZ.

Greetings
Bernd

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
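
The internal/external zone split mentioned in the reply can be checked mechanically. The following Python script is an added example, not part of the original thread: it scans the zone served from the DMZ for A/AAAA records that point into internal address space. The zone contents, the example.com names and the list of internal ranges are constructed assumptions.

```python
import ipaddress

# Assumed internal address space: RFC 1918 plus IPv6 unique-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample of an external zone file (master-file syntax).
EXTERNAL_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@          IN  NS    ns1.example.com.
ns1        IN  A     192.0.2.53
www        IN  A     192.0.2.80
mail       IN  A     192.0.2.25
           IN  AAAA  2001:db8::25
fileserver IN  A     10.1.2.30       ; internal host, does not belong here
intranet 300 IN A    192.168.10.5
"""

def internal_records(zone_text):
    """Return (owner, type, address) for A/AAAA records in internal space."""
    findings = []
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop trailing comment
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                 # blank, or $ORIGIN/$TTL
        fields = line.split()
        if not raw[0].isspace():                     # owner name in column 0
            owner = fields.pop(0)                    # else inherit previous owner
        # Skip the optional TTL and class fields.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue                                 # malformed rdata, not an address
        if any(addr.version == net.version and addr in net
               for net in INTERNAL_NETS):
            findings.append((owner, fields[0].upper(), str(addr)))
    return findings

if __name__ == "__main__":
    for owner, rtype, addr in internal_records(EXTERNAL_ZONE):
        print(f"internal address in external zone: {owner} {rtype} {addr}")
```

The ranges are listed explicitly rather than using `ipaddress`'s `is_private`, which also matches documentation ranges such as 192.0.2.0/24.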
