List: firewall-1
Subject: Re: AW: [FW1] Re: FW DNS
From: "Brian Scott" <bscott () systema ! westark ! edu>
Date: 1998-03-30 20:35:17
On 26 Mar 98 at 18:24, Guenthner, Ralf DIVS 61 wrote:
>
> Dave, I agree with your line of thought, excepting this statement
>
> >>unprotected DNS is probably not a good idea, I'd much rather people go
> >>after one on my firewall than one running on an internal machine.
>
> If I place my DNS *behind* the firewall, someone would have to
> compromise the FW first to reach the DNS, right? This is hard enough
> to start with. But if I run the DNS *on* the firewall, DNS becomes
> one more potential point of break-in to the firewall itself. Do you
> see the difference? I may be mistaken, but I think it matters.

Since DNS is such a low load service, I run both external and
internal DNS on the same internal machine. External DNS being on a
non-standard port, and Firewall-1 translates.