RE: [FW1] Best practice: DNS location

Goodwin, Russell Fri, 13 Oct 2000 04:22:52 -0700

I would say that if the External DNS will be on the NT platform then you
should...

1) Certainly not put it in a domain.
2) Disable all services possible, Server, Workstation, NetBIOS helper, LM
Security Support Provider, Computer Browser,  etc.
3) Unbind the WINS client from the Adaptor.

You will not be able to Browse any windows networks from the Net
Neighborhood but you don't need to  anyway if it is for DNS.

Just my 0.02

Russell Goodwin

-----Original Message-----
From: Tom Sevy [mailto:[EMAIL PROTECTED]]
Sent: 12 October 2000 22:12
To: [EMAIL PROTECTED]
Subject: RE: [FW1] Best practice: DNS location



If you are running DNS on NT, don't make the NT box a member of your domain.

-----Original Message-----
From: Will Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 12, 2000 3:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [FW1] Best practice: DNS location



I would have your public DNS on a DMZ. I would house your private DNS on the
LAN. The Public DNS should only contain the DNS records that you absolutely
need to run, your internal DNS can have the rest. No one should connect to
your internal DNS from the outside. You can setup a forwarding on your
internal DNS to query your external DNS. I would never run DNS on a
firewall, it is too insecure. One of the most common things to hack is DNS.
I would dedicate a machine to it.

HTH
~will


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Chinnery Paul
Sent: Thursday, October 12, 2000 3:22 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Best practice: DNS location



Currently using FW 4.0 on an NT 4.0 network.
Our ISP wants us to install our own DNS and use them as secondary.
My question is where the DNS should be:  should it be on our firewall server
or on our internal network.  We are using NAT.


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
RE: [FW1] Best practice: DNS location

Reply via email to
