Re: DNS - Firewall

From: Eirik Seim (eirik_at_mi.uib.no)
Date: 07/14/03


Date: 14 Jul 2003 21:05:02 GMT

On Mon, 14 Jul 2003 18:36:42 GMT, Ida Young wrote:
> "mike" <m.mike@ny.com> wrote in message
> news:77a98267.0307140239.250484ed@posting.google.com...
> > How could I configure the DNS (resolv.conf) in my Firewall? To the
> > internal DNS in my LAN or external to my provider?
> > What's the best and the right way concerning the security and
> > performance?
>
> The firewall should use the internal DNS server if there is one, so that the
> firewall can resolve the internal host name and address as well as the
> external hostname and address.
>
> With a firewall, you had better have an internal DNS server and an external
> DNS server. The internal DNS server resolves the hostnames and IP addresses
> for your internal machines and firewall. The external DNS server only
> resolves your public services, and serves users from the Internet.

While this makes perfect sense, a relevant question might be _why_ the
firewall needs to look up hostnames at all.

In essence, resolving hostnames means relying on external (even if they are
on the inside of the firewall) information, which in my not so humble
opinion is a bad thing on a firewall. Someone might have good reasons for
this, but I fear most don't.

Followup-To set to comp.security.firewalls, please ignore if your answer
has something to do with AIX.

- Eirik

-- 
New and exciting signature!
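
An added example, not part of the original post or thread: one way to check whether a firewall ruleset depends on name resolution at all is to scan it for source or destination operands that are hostnames rather than address literals. It assumes a rules file in iptables-restore syntax, which the thread does not specify; the sample rules and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Options whose argument is an address (assumption: iptables-restore rule syntax).
ADDRESS_OPTS = {"-s", "--source", "-d", "--destination"}

def is_ip_literal(value):
    """True if value is an IPv4/IPv6 address or CIDR network, not a name."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

def dns_dependent_rules(ruleset_text):
    """Return (line_number, option, hostname) for every rule operand that
    would have to be resolved through DNS when the rule is loaded."""
    findings = []
    for lineno, line in enumerate(ruleset_text.splitlines(), start=1):
        line = line.strip()
        if not line.startswith("-A "):   # skip *table, :chain, COMMIT, comments
            continue
        tokens = shlex.split(line)       # keeps quoted --comment text as one token
        for i, tok in enumerate(tokens[:-1]):
            if tok not in ADDRESS_OPTS:
                continue
            j = i + 1
            if tokens[j] == "!" and j + 1 < len(tokens):  # old-style negation
                j += 1
            for operand in tokens[j].split(","):
                if operand and not is_ip_literal(operand):
                    findings.append((lineno, tok, operand))
    return findings

# Constructed sample ruleset (documentation address ranges and example names).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -s admin.example.net -p tcp --dport 22 -j ACCEPT
-A FORWARD -d 198.51.100.7,mail.example.net -p tcp --dport 25 -j ACCEPT
-A INPUT -s 2001:db8::/32 -j ACCEPT
-A INPUT -m comment --comment "allow -s ntp.example.net later" -j DROP
COMMIT
"""

if __name__ == "__main__":
    for lineno, opt, name in dns_dependent_rules(SAMPLE_RULES):
        print(f"line {lineno}: {opt} {name} requires a DNS lookup")
```

Each finding is a rule whose meaning is decided by whatever answer the resolver returns when the ruleset is loaded.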

