I would recommend running BIND on the same machine on which you run your mail transfer agent (sendmail/postfix/whatever). This is probably your present gateway/firewall machine. Run the most recent version of BIND available for your distro - versions prior to 8.2.3/4.9.8 are known to have security issues and configure it only to honour zone transfers from your ISP's nameservers. Good luck! Michael "sigismund" <adebe@inetlog To: <suse-security@suse.com> istic.com> cc: Subject: [suse-security] DNS 12/14/2001 03:23 PM i would like to manage my own DNS. Security is an important aspect on this network. My question is: Where should i put this service ? should i put the DNS on the firewall or it's better if i choose a standalone machine directly connected with the the internet ? Which security problems will i found with solution ? Internet ¦ ¦ ¦ ¦ DNS1 DNS2 ¦ firewall¦------DMZ-----web---Dbase ¦ ¦ LAN Thank You Alessandro adebe@inetlogistic.com -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com