Greetings,
I have set up a perimeter network with a "fake" DNS server as described in
"Building Internet Firewalls". My question is this:
Where should a perimeter server (mail/web/other) get its DNS?
My thought is this:
If the server uses the internal DNS, a compromised server then knows
the internal topology. Not to mention the possibility of exploits into
the internal network.
If the server uses the "fake" DNS then it knows nothing of the internal
addresses. This may or may not be a problem, but that is how I came to
this question.
Thanks in advance,
- Bennett