Re: [FW1] Best practice: DNS location
Here is the link where you can download the last version of Bind for NT:
http://bind8nt.meiway.com/download.cfm

- dan

P.S.: The real last version of bind is bind 9.0.0 but it's another concept.

[email protected] wrote:

> Well,
>
> SANS Institute tops the dns attack in the top ten list of vulnerabilities.
> http://www.sans.org/topten.htm
>
> You check this link out;
> http://packetstorm.securify.com/exploits/apps/bind/
>
> If you refer to the book "DNS & BIND, second edition" by Cricket Liu & Paul Albitz,
> and you READ chapter 10 "Advanced Features and Security" CAREFULLY, you can
> properly secure your dns server. Of course, you must install the last version of
> bind, it's like any other product, you must keep up to date for many reasons, like
> security!!
>
> Now, where you will place your dns server, bah...on a firewall or a dedicated
> machine, can you install the last version of bind on a NT machine (the firewall is
> on a NT machine)? If not you can put it on a dedicated machine. Of course on a
> screened network...or a dmz.....
>
> - Dan
>
> Will Schwartz wrote:
>
> > I would have your public DNS on a DMZ. I would house your private DNS on the
> > LAN. The Public DNS should only contain the DNS records that you absolutely
> > need to run, your internal DNS can have the rest. No one should connect to
> > your internal DNS from the outside. You can set up a forwarding on your
> > internal DNS to query your external DNS. I would never run DNS on a
> > firewall, it is too insecure. One of the most common things to hack is DNS.
> > I would dedicate a machine to it.
> >
> > HTH
> > ~will
> >
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]]On Behalf Of
> > Chinnery Paul
> > Sent: Thursday, October 12, 2000 3:22 PM
> > To: [email protected]
> > Subject: [FW1] Best practice: DNS location
> >
> > Currently using FW 4.0 on an NT 4.0 network.
> > Our ISP wants us to install our own DNS and use them as secondary.
> > My question is where the DNS should be: should it be on our firewall server
> > or on our internal network. We are using NAT.
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
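
The layout described in the quoted reply from Will Schwartz (public DNS on the DMZ, private DNS on the LAN forwarding to it, with the ISP acting as secondary), sketched as BIND 8 `named.conf` fragments. This is an added example, not part of the original thread; the zone name, file names and every address (documentation and RFC 1918 ranges) are constructed placeholders, and the address the internal server presents to the DMZ host depends on the NAT setup.

```conf
// ---- named.conf on the DMZ host: public DNS (constructed example) ----
acl isp_secondary { 198.51.100.53; };  // placeholder: the ISP's secondary server
acl internal_dns  { 192.0.2.20; };     // placeholder: internal DNS as seen from the DMZ (after NAT)

options {
    allow-transfer  { isp_secondary; };  // zone transfers go only to the ISP secondary
    allow-recursion { internal_dns; };   // recurse only on behalf of the internal forwarder
};

zone "example.com" {                     // only the records the outside world needs
    type master;
    file "db.example.com.public";
    allow-query { any; };
};

// ---- named.conf on the LAN host: private DNS (constructed example) ----
acl lan { 10.0.0.0/8; 127.0.0.1; };      // placeholder: internal address range

options {
    allow-query    { lan; };             // nobody outside the LAN may query this server
    allow-transfer { none; };            // no zone transfers from the internal server
    forwarders     { 192.0.2.10; };      // placeholder: the DMZ server configured above
    forward only;                        // never contact Internet name servers directly
};

zone "example.com" {                     // full internal view of the same domain
    type master;
    file "db.example.com.internal";
};
```

The firewall rule base then only needs to pass DNS from the internal server to the DMZ server, and from the Internet (UDP queries, plus TCP from the ISP secondary for transfers) to the DMZ server; nothing is allowed inbound to the LAN server.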