> I have to agree with Peter (who also responded to this), you should be
> using a "split brain" DNS. One for your inside devices and one for your
> outside devices. If you use a DNS on the outside only, it can be
> queried and reveal information about your internal IP addressing
> structure that would better be kept secret. Most organizations use this
> approach.
Is there a FAQ on doing this? I'm in the same boat.

At the moment, I am using a DNS on the DMZ network, answering
illegal queries, and pointing all other queries to an external
server. I'd like to move primary DNS back on site, and I'm assuming
I need two boxes - one on the DMZ for zone transfers and
"official" replies, one on the private network for illegals (192.168.X).

Is this the best way?
| Dan |
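
An added illustration, not part of either poster's message: a check for the leak the quoted reply describes, scanning the zone an outside (DMZ) server would publish for A records in RFC 1918 space. The zone contents, `example.com` and the function name are constructed for the example, and the parser assumes simple one-line records.

```python
import ipaddress

# RFC 1918 ranges: the "illegal" addresses that belong only in the inside DNS.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a zone file served to the outside world.
EXTERNAL_ZONE = """\
$ORIGIN example.com.
@        IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
@        IN NS  ns1.example.com.
ns1      IN A   203.0.113.10
www      IN A   203.0.113.20
         IN A   203.0.113.21   ; owner inherited from the line above
fileserv IN A   192.168.1.15   ; inside host, should not be published
hr-db    300 IN A 192.168.4.7  ; inside host, should not be published
"""

def internal_leaks(zone_text):
    """Return (owner, address) for each A record pointing into RFC 1918 space."""
    leaks, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.startswith("$"):
            continue                              # blank line or directive
        fields = line.split()
        if not line[0].isspace():                 # line names its own owner
            owner = fields.pop(0)
        # An A record ends with: A <address>
        if len(fields) < 2 or fields[-2] != "A":
            continue
        try:
            addr = ipaddress.ip_address(fields[-1])
        except ValueError:
            continue                              # malformed rdata, skip
        if any(addr in net for net in RFC1918):
            leaks.append((owner, str(addr)))
    return leaks

if __name__ == "__main__":
    for name, addr in internal_leaks(EXTERNAL_ZONE):
        print(f"external zone exposes {name} -> {addr}")
```
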