There will always be a danger of people doing probes. You just have to make sure you have the latest patches and packages and block off all unnecessary ports.

However, I would think redundancy is the greatest issue here. If you had only one DNS server at your ISP and it happened to go down, or say they were cracked, then your domain would be unavailable. Ideally, in fact, DNS servers should be on two different backbones, i.e. say your primary at either your place or the ISP, then secondary at another friend's who is on a different ISP and backbone. Read RFC 2182.

regards,
Noah.

On Wed, 28 Mar 2001, Philipp Snizek wrote:
Dear list users,
What is the reason for installing pri DNS server in a self-owned DMZ and sec DNS server at the ISP? If the firewall is not stateful this enables inet users to do DNS probes on TCP 53 and other worse things.
Thank you all for a quick answer,
Philipp
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com