Great Circle Associates Firewalls
(November 1995)
 


Subject: DNS on a firewall
From: Jon Whitton <jonw @ mntcmp2 . demon . co . uk>
Date: Wed, 29 Nov 1995 16:51:12 +0000 (GMT)
To: firewalls @ greatcircle . com

Is it usual for DNS to be run on a firewall?

We will be using a dual homed firewall with FWTK installed.
The DNS could be run on the red net www. or ftp. (public) machine or on the other
Cisco 2514 Ethernet side which is connected directly to the firewall.

Is there a proxy service for DNS which could run on the firewall?
If the DNS could be compromised, then the firewall itself could then be attacked.

If DNS ran on the www. ftp. (public) machine the Cisco could be configured to stop
attacks from the public access machine if this was compromised.

Would it be better to run split horizon DNS for internal and external
networks?

If a DNS machine could be cracked that contained all the network
information surely this could cause a security scare!

Your comments please.

Jon

-- 

================================================================================

       Jon Whitton.             Internet Address: jonw @ mntcmp2 . demon . co . uk

================================================================================
