Uwe Thiem <uwix <at> iway.na> writes:

> Are there any security reasons that I should not run the secondary (Bind)
> name server on the firewall (iptables) directly?

> Well, security holes have been discovered in bind in the past - and
> there are no reasons to assume none will be found in the future.
> Once your firewall is compromised, your whole network is under
> Though the risk is probably small, you can avoid it easily. Run bind
> on one of the boxes behind your firewall. Forward port 53 from your
> fw to that box. Announce your FW as the secondary name server.

Yep. That's what I was thinking too. Thanks for confirming what I was leaning towards.

James

--
gentoo-user@lists.gentoo.org mailing list
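
The port-53 forwarding suggested in the quoted reply, as an added example that is not part of the original thread. The function name `dns_forward_rules`, the interface names and the internal address are assumptions; it prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that forward DNS
# arriving on the firewall's external interface to a BIND host behind it.
# Interface names and the address are caller-supplied assumptions.
# Assumes the FORWARD chain already accepts ESTABLISHED,RELATED replies.

# usage: dns_forward_rules EXT_IF INT_IF DNS_HOST
dns_forward_rules() {
    ext_if=$1 int_if=$2 dns_host=$3

    # Accept only plain interface names and a dotted-quad IPv4 address, so
    # the emitted lines are safe to read and then pipe to a root shell.
    for ifc in "$ext_if" "$int_if"; do
        case $ifc in
            ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done
    case $dns_host in
        ''|*[!0-9.]*|*..*|.*|*.) echo "bad address: $dns_host" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $dns_host          # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad address: $dns_host" >&2; return 1; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] || { echo "bad address: $dns_host" >&2; return 1; }
    done

    # DNS needs both transports: UDP for ordinary queries, TCP for
    # truncated or large answers and for zone transfers.
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -i $ext_if -p $proto --dport 53 -j DNAT --to-destination $dns_host:53"
        echo "iptables -A FORWARD -i $ext_if -o $int_if -d $dns_host -p $proto --dport 53 -j ACCEPT"
    done
}

# Review the output first, then apply as root, for example:
#   dns_forward_rules eth0 eth1 192.168.1.10 | sh
```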