Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] DNS
  • From: michael.ryan@xxxxxxxx
  • Date: Fri, 14 Dec 2001 15:41:19 +0000
  • Message-id: <OF8B85E269.95A95E46-ON80256B22.0054B1A4@xxxxxxxx>


I would recommend running BIND on the same machine on which you run your
mail transfer agent (sendmail/postfix/whatever). This is probably your
present gateway/firewall machine. Run the most recent version of BIND
available for your distro - versions prior to 8.2.3/4.9.8 are known to have
security issues and configure it only to honour zone transfers from your
ISP's nameservers.

Good luck!
Michael




"sigismund"
<adebe@inetlog To: <suse-security@xxxxxxxx>
istic.com> cc:
Subject: [suse-security] DNS
12/14/2001
03:23 PM






i would like to manage my own DNS. Security is an important aspect on this
network. My question is: Where should i put this service ? should i put the
DNS on the firewall or it's better if i choose a standalone machine
directly
connected with the the internet ? Which security problems will i found with
solution ?

Internet
¦ ¦ ¦
¦ DNS1 DNS2
¦
firewall¦------DMZ-----web---Dbase
¦
¦
LAN


Thank You

Alessandro
adebe@xxxxxxxxxxxxxxxx


--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx





< Previous Next >
This Thread
  • No further messages