At 05:07 07/05/01 -0700, Alvin Oga wrote:
>hi all..
>
>i probably should have added that the dns was for the
>internet side...not local dns for local machines...
>
>and yes..it's always a problem when they don't have the $$$$
>for separating fw, dns, email, web, home server, db server,
>backup servers, log server, pop3, ppp, etc
> - so which servers do you combine ???
>   ( gets bad when they have their minds pre-defined already )
>
> - even a 486-based machine would be fine for most small corp
>   to run as dns or as simple "standalone" firewall...

It's not a problem of $$$$. It's a problem of design and of security.

I'll always run DNS on the FW. I know many guys here will shout, cry and scream, but I have yet to hear anyone proving that this is bad.

The old principles of minimality, defense in depth, and other nice names are just myths with no serious practical foundations. People have a tendency to blindly follow "well-known" principles. I, for my own part, will say: don't follow me, don't follow anyone. Get the truth by yourself.

cheers,
mouss
