At 12:13 PM +1300 3/2/99, Jason Haar wrote:
>Says it all really.
>
>I'm setting up a proxy-based firewall, and am tossing up between only
>allowing the DMZ hosts to have access to Internet DNS servers, or allowing
>the internal DNS servers to forward to the DMZ DNS server. The latter would
>then allow internal users to lookup Internet hosts - even though they
>couldn't then connect to them.
Jason, unless your internal hosts run blind, they're still going to need
to have access to the information provided by Internet DNS servers,
regardless of how that information is forwarded though your DMZ DNS
servers, which is the way to go. Without knowing more about your setup,
I'd wonder how could you NOT allow "the internal DNS servers to forward
to the DMZ DNS server."
chris
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
