Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] DNS
  • From: Zoran Cvetkovic <Zoran.Cvetkovic@xxxxxxxxx>
  • Date: Fri, 14 Dec 2001 16:59:10 +0100
  • Message-id: <3C1A21CE.355B4B81@xxxxxxxxx>
Hello,

One fine solution is to
deploy a hidden primary server into the DMZ
and only allow zonetransfar from the outside secondary
dns server(s).

If you have choosen a good provider, he will be able
to take care of propper DNS security better than you could do.

With that solution you are absolut flexible with your zone
configuration and do not need to pay for the DNS Traf on your
leased line ;) *g*


Regards
Zoran Cvetkovic

sigismund wrote:
>
> i would like to manage my own DNS. Security is an important aspect on this
> network. My question is: Where should i put this service ? should i put the
> DNS on the firewall or it's better if i choose a standalone machine directly
> connected with the the internet ? Which security problems will i found with
> solution ?
>
> Internet
> ¦ ¦ ¦
> ¦ DNS1 DNS2
> ¦
> firewall¦------DMZ-----web---Dbase
> ¦
> ¦
> LAN
>
> Thank You
>
> Alessandro
> adebe@xxxxxxxxxxxxxxxx
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx

--
aixigo AG - financial training, research and technology
Schloß-Rahe-Straße 15, 52072 Aachen, Germany
fon: +49 (0)241 936737-70, fax: +49 (0)241 936737-99
eMail: Zoran.Cvetkovic@xxxxxxxxx, web: http://www.aixigo.de

< Previous Next >
References