I have an increasing number of users who want matching forward and reverse
DNS records because they're using ftp and telnet to external sites that
require it. This is a minor administrative hassle (DHCP reservations where
I'd ordinarily have them dip into the pool), but from a security standpoint
I'd rather minimize the amount of info about internal systems I advertise
via DNS. These users generally have defensible business needs for the
access.
What can Firewall-1 do for me to spare me the administrative hassle or to
minimize the amount of internal info I'd need to list in DNS? For example,
can FW-1 help me implement some sort of ftp proxy server, where the proxy
has matching DNS forward/reverse entries?
--
Jim Becker
The Urban Institute (http://www.urban.org/)
DECUS ESILUG (http://eisner.decus.org/lugs/esilug/)
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
