Hello, One fine solution is to deploy a hidden primary server into the DMZ and only allow zonetransfar from the outside secondary dns server(s). If you have choosen a good provider, he will be able to take care of propper DNS security better than you could do. With that solution you are absolut flexible with your zone configuration and do not need to pay for the DNS Traf on your leased line ;) *g* Regards Zoran Cvetkovic sigismund wrote:

i would like to manage my own DNS. Security is an important aspect on this network. My question is: Where should i put this service ? should i put the DNS on the firewall or it's better if i choose a standalone machine directly connected with the the internet ? Which security problems will i found with solution ?

Internet ¦ ¦ ¦ ¦ DNS1 DNS2 ¦ firewall¦------DMZ-----web---Dbase ¦ ¦ LAN

Thank You

Alessandro adebe@inetlogistic.com

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

-- aixigo AG - financial training, research and technology Schloß-Rahe-Straße 15, 52072 Aachen, Germany fon: +49 (0)241 936737-70, fax: +49 (0)241 936737-99 eMail: Zoran.Cvetkovic@aixigo.de, web: http://www.aixigo.de