
List:       gentoo-user
Subject:    Re: [gentoo-user]  firewall + dns secondary
From:       Uwe Thiem <uwix () iway ! na>
Date:       2008-06-21 17:59:29
Message-ID: 200806211859.29660.uwix () iway ! na

On Saturday 21 June 2008, James wrote:
> Hello,
>
> I'm adding primary and secondary name servers to my small (5
> static) ip network.
>
>
> Are there any security reasons that I should not run the secondary
> (Bind) name server on the firewall (iptables) directly?

Well, security holes have been discovered in bind in the past - and 
there are no reasons to assume none will be found in the future. ;-) 
Once your firewall is compromised, your whole network is under 
threat.

Though the risk is probably small, you can avoid it easily. Run bind 
on one of the boxes behind your firewall. Forward port 53 from your 
fw to that box. Announce your FW as the secondary name server.

Uwe

-- 
Ignorance killed the cat, sir, curiosity was framed!
-- 
gentoo-user@lists.gentoo.org mailing list
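
The port-53 forward described in the reply above, as an added example that is not part of the original message: a shell function that emits the DNAT and FORWARD rules for both UDP and TCP. The function names, the interface `eth0` and the address `192.168.1.10` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print iptables-restore rules that forward DNS (port 53)
# from the firewall's external interface to a BIND host behind it.
# Interface and address are supplied by the caller (assumed values below).

# is_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# dns_forward_rules WAN_IF DNS_HOST: print rules for iptables-restore.
dns_forward_rules() {
    wan_if=$1 dns_host=$2
    # Reject anything that is not a plain interface name or IPv4 address,
    # so the generated ruleset cannot carry unexpected options.
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 2 ;;
    esac
    is_ipv4 "$dns_host" || { echo "bad address: $dns_host" >&2; return 2; }

    echo '*nat'
    for proto in udp tcp; do   # TCP as well: zone transfers, truncated replies
        echo "-A PREROUTING -i $wan_if -p $proto --dport 53 -j DNAT --to-destination $dns_host:53"
    done
    echo 'COMMIT'
    echo '*filter'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for proto in udp tcp; do   # only new DNS connections to the BIND box
        echo "-A FORWARD -i $wan_if -d $dns_host -p $proto --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample values; --noflush keeps the rules already loaded:
# dns_forward_rules eth0 192.168.1.10 | iptables-restore --noflush
```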
