Firewalls: Re: DNS w/NIS

Firewalls
(September 1993)

Indexed By Thread: [Previous] [Next]

Subject:	Re: DNS w/NIS
From:	Brent Chapman <brent @ GreatCircle . COM>
Date:	Mon, 27 Sep 1993 07:35:58 -0700
To:	"Jonathan B. Horen" <horen @ zeus . datasrv . co . il>
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	Your message of Sun, 26 Sep 1993 09:34:37 +0200

"Jonathan B. Horen" <horen @
 zeus .
 datasrv .
 co .
 il> writes:

# OK -- I've read the SYSADMIN FAQ about how to configure the DNS
# when running NIS, but I have a situation not addressed by the
# FAQ:
# 
# I want to configure my machine, which will be our gateway to the
# Internet (it will be connected via SLIP/PPP to a commercial Internet
# provider) as a "firewall" machine.  Reading the O'Reilly book on
# Practical Security, I learned that a host configured as a firewall
# should *not* be running NIS.  So... my question is:
# 
# Should I try to configure my gateway as its own NIS master, and then
# have a second NIS master for the rest of the network? (btw, the
# gateway will have a "real" Internet IP address, vis-a-vis the provider,
# one that can be different than the rest of our network... is this a
# "plus" or a "minus" [or of no consequence:]?)

Don't run NIS on your gateway.  Why would you need to?  Who would it
then share its data with, other than attackers?


-Brent
--
Brent Chapman                                   Great Circle Associates
Brent @
 GreatCircle .
 COM                           1057 West Dana Street
+1 415 962 0841                                 Mountain View, CA  94041

Indexed By Date	Previous:	Re: Security Risk Assessment (was Re: Access control for SMTP?) From: charisse @ Smallworks . COM (Charisse Castagnoli)
Indexed By Date	Next:	Re: DNS w/NIS From: jdlacour @ dal . mobil . com (Jeffrey D. LaCoursiere)
Indexed By Thread	Previous:	DNS w/NIS From: "Jonathan B. Horen" <horen @ zeus . datasrv . co . il>
Indexed By Thread	Next:	Re: DNS w/NIS From: jdlacour @ dal . mobil . com (Jeffrey D. LaCoursiere)