In message <199702191210.NAA27985@server.null>,
"Jan Klabacka" slapped a few random keys to produce:
>On 19 Feb 97 at 9:10, Christian Bianchi wrote:
>
<snip>
>DNS - not the most important concerning security, lots of
>possibilities, pretty complex relating to sendmail configuration for
>internal domain: My Firewall runs primary DNS for public names, acting
>as forwarder for internal DNS, which is primary for internal domain.
>/etc/resolv.conf on firewall should lead to full information about
>internal domain (i.e. having firewall as first, internal DNS as second
>- necessary for sendmail if internal structure of mail servers is
>somehow more complex).
>
>I guess it should be possible to run two DNS on firewall somehow
>(??), but I did not try even to think about it. Problem is that if
>you have internal hosts with internal names and these hosts are
>inaccessible from public space, it should not be announced even in DNS
>- so that if this DNS should be primary for your whole domain, you
>will need also internal DNS as described. If firewall's DNS is not
>going to be primary for domain and you do not need to screen your
>internal names from outside users (lots of discussions about it), then
>it is enough to have only this DNS.
And install packet filters to aid in protecting DNS/others...
The UnSeen
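
Added example (not part of the original posts): a Python check for the point made in the quoted message that internal hosts should not be announced in the public DNS. It scans the zone data served by the firewall's public name server for A records that point into internal address space, plus CNAMEs that alias those names. The zone text, the `find_internal_leaks` name and the internal ranges (RFC 1918 blocks) are assumptions made for the example.

```python
import ipaddress

# Assumption: the site's internal address space (RFC 1918 blocks here).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a public zone as served from the firewall.
SAMPLE_PUBLIC_ZONE = """\
$ORIGIN example.com.
@        IN SOA  fw.example.com. hostmaster.example.com. ( 1 3600 900 604800 86400 )
@        IN NS   fw
@        IN MX   10 fw
fw       IN A    192.0.2.1
www      IN A    192.0.2.10
payroll  IN A    10.1.2.3      ; internal host, should not be here
mailhub  3600 IN A 192.168.5.25
intra    IN CNAME payroll
"""

def parse_records(zone_text):
    """Yield (owner, type, first rdata field) for one-line records with an owner."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()          # drop comments
        if not line or line.startswith("$") or line[0].isspace():
            continue                                   # directives, owner-less lines
        fields = line.split()
        rest = fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                            # skip TTL and class
        if len(rest) >= 2:
            yield fields[0], rest[0].upper(), rest[1]

def find_internal_leaks(zone_text, internal_nets=INTERNAL_NETS):
    """Return sorted records in a public zone that expose internal hosts."""
    records = list(parse_records(zone_text))
    leaks = [(o, t, d) for o, t, d in records
             if t == "A" and any(ipaddress.ip_address(d) in n for n in internal_nets)]
    internal_names = {o for o, _, _ in leaks}
    # A CNAME to a leaked name reveals the internal name as well.
    # Names are compared as written (no $ORIGIN expansion).
    leaks += [(o, t, d) for o, t, d in records
              if t == "CNAME" and d in internal_names]
    return sorted(leaks)

if __name__ == "__main__":
    for owner, rtype, rdata in find_internal_leaks(SAMPLE_PUBLIC_ZONE):
        print(f"public zone exposes internal host: {owner} {rtype} {rdata}")
```
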