I would have your public DNS on a DMZ. I would house your private DNS on the
LAN. The public DNS should only contain the DNS records that you absolutely
need to run; your internal DNS can have the rest. No one should connect to
your internal DNS from the outside. You can set up forwarding on your
internal DNS to query your external DNS. I would never run DNS on a
firewall; it is too insecure. One of the most common things to hack is DNS.
I would dedicate a machine to it.

HTH
~will


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Chinnery Paul
Sent: Thursday, October 12, 2000 3:22 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Best practice: DNS location



Currently using FW 4.0 on an NT 4.0 network.
Our ISP wants us to install our own DNS and use them as secondary.
My question is where the DNS should be:  should it be on our firewall server
or on our internal network.  We are using NAT.


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
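
An added example, not part of the original thread: a small Python audit of the advice above that the public (DMZ) DNS should carry only the records it needs and nothing that describes the LAN. The zone contents, the `REQUIRED` list and the function name are constructed for illustration, and internal addressing is assumed to be RFC 1918 space behind the NAT.

```python
import ipaddress

# Constructed sample: records proposed for the public (DMZ) DNS server.
PUBLIC_ZONE = """\
; example.com public zone (constructed sample)
@        IN NS    ns1.example.com.
@        IN MX 10 mail.example.com.
ns1      IN A     192.0.2.53
www      IN A     192.0.2.80
mail     IN A     192.0.2.25
fileserv IN A     10.1.4.20
intranet IN CNAME fileserv.example.com.
"""

# Assumption: the only names outsiders need to resolve.
REQUIRED = {"@", "ns1", "www", "mail"}

# Assumption: the LAN behind the NAT uses RFC 1918 addresses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_public_zone(zone_text, required):
    """Return (name, type, reason) for records that belong on the internal DNS."""
    findings = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()                 # name, class, type, ..., rdata
        name, rtype, rdata = fields[0], fields[2], fields[-1]
        if name not in required:
            findings.append((name, rtype, "not needed externally"))
        if rtype == "A":
            addr = ipaddress.ip_address(rdata)
            if any(addr in net for net in RFC1918):
                findings.append((name, rtype, f"internal address {rdata} exposed"))
    return findings


if __name__ == "__main__":
    for name, rtype, reason in audit_public_zone(PUBLIC_ZONE, REQUIRED):
        print(f"{name:10} {rtype:6} {reason}")
```
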


