[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Best practice: DNS location
I would say that if the External DNS will be on the NT platform then you should... 1) Certainly not put it in a domain. 2) Disable all services possible, Server, Workstation, NetBIOS helper, LM Security Support Provider, Computer Browser, etc. 3) Unbind the WINS client from the Adaptor. You will not be able to Browse any windows networks from the Net Neighborhood but you don't need to anyway if it is for DNS. Just my 0.02 Russell Goodwin -----Original Message----- From: Tom Sevy [mailto:[email protected]] Sent: 12 October 2000 22:12 To: [email protected] Subject: RE: [FW1] Best practice: DNS location If you are running DNS on NT, don't make the NT box a member of your domain. -----Original Message----- From: Will Schwartz [mailto:[email protected]] Sent: Thursday, October 12, 2000 3:57 PM To: [email protected] Subject: RE: [FW1] Best practice: DNS location I would have your public DNS on a DMZ. I would house your private DNS on the LAN. The Public DNS should only contain the DNS records that you absolutely need to run, your internal DNS can have the rest. No one should connect to your internal DNS from the outside. You can setup a forwarding on your internal DNS to query your external DNS. I would never run DNS on a firewall, it is too insecure. One of the most common things to hack is DNS. I would dedicate a machine to it. HTH ~will -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Chinnery Paul Sent: Thursday, October 12, 2000 3:22 PM To: [email protected] Subject: [FW1] Best practice: DNS location Currently using FW 4.0 on an NT 4.0 network. Our ISP wants us to install our own DNS and use them as secondary. My question is where the DNS should be: should it be on our firewall server or on our internal network. We are using NAT. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|